< draft-ietf-dots-signal-channel-16.txt   draft-ietf-dots-signal-channel-17.txt >
DOTS T. Reddy, Ed. DOTS T. Reddy, Ed.
Internet-Draft McAfee Internet-Draft McAfee
Intended status: Standards Track M. Boucadair, Ed. Intended status: Standards Track M. Boucadair, Ed.
Expires: July 15, 2018 Orange Expires: July 26, 2018 Orange
P. Patil P. Patil
Cisco Cisco
A. Mortensen A. Mortensen
Arbor Networks, Inc. Arbor Networks, Inc.
N. Teague N. Teague
Verisign, Inc. Verisign, Inc.
January 11, 2018 January 22, 2018
Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal Distributed Denial-of-Service Open Threat Signaling (DOTS) Signal
Channel Channel Specification
draft-ietf-dots-signal-channel-16 draft-ietf-dots-signal-channel-17
Abstract Abstract
This document specifies the DOTS signal channel, a protocol for This document specifies the DOTS signal channel, a protocol for
signaling the need for protection against Distributed Denial-of- signaling the need for protection against Distributed Denial-of-
Service (DDoS) attacks to a server capable of enabling network Service (DDoS) attacks to a server capable of enabling network
traffic mitigation on behalf of the requesting client. traffic mitigation on behalf of the requesting client.
A companion document defines the DOTS data channel, a separate A companion document defines the DOTS data channel, a separate
reliable communication layer for DOTS management and configuration reliable communication layer for DOTS management and configuration
skipping to change at page 1, line 44 skipping to change at page 1, line 44
o "This version of this YANG module is part of RFC XXXX;" o "This version of this YANG module is part of RFC XXXX;"
o "RFC XXXX: Distributed Denial-of-Service Open Threat Signaling o "RFC XXXX: Distributed Denial-of-Service Open Threat Signaling
(DOTS) Signal Channel"; (DOTS) Signal Channel";
o "| 3.00 | Alternate server | [RFCXXXX] |" o "| 3.00 | Alternate server | [RFCXXXX] |"
o reference: RFC XXXX o reference: RFC XXXX
o This RFC
Please update TBD statements with the port number to be assigned to Please update TBD statements with the port number to be assigned to
DOTS Signal Channel Protocol. DOTS Signal Channel Protocol.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 15, 2018. This Internet-Draft will expire on July 26, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 4 skipping to change at page 3, line 4
4.1. DOTS Server(s) Discovery . . . . . . . . . . . . . . . . 8 4.1. DOTS Server(s) Discovery . . . . . . . . . . . . . . . . 8
4.2. CoAP URIs . . . . . . . . . . . . . . . . . . . . . . . . 8 4.2. CoAP URIs . . . . . . . . . . . . . . . . . . . . . . . . 8
4.3. Happy Eyeballs for DOTS Signal Channel . . . . . . . . . 9 4.3. Happy Eyeballs for DOTS Signal Channel . . . . . . . . . 9
4.4. DOTS Mitigation Methods . . . . . . . . . . . . . . . . . 10 4.4. DOTS Mitigation Methods . . . . . . . . . . . . . . . . . 10
4.4.1. Request Mitigation . . . . . . . . . . . . . . . . . 11 4.4.1. Request Mitigation . . . . . . . . . . . . . . . . . 11
4.4.2. Retrieve Information Related to a Mitigation . . . . 24 4.4.2. Retrieve Information Related to a Mitigation . . . . 24
4.4.3. Efficacy Update from DOTS Clients . . . . . . . . . . 31 4.4.3. Efficacy Update from DOTS Clients . . . . . . . . . . 31
4.4.4. Withdraw a Mitigation . . . . . . . . . . . . . . . . 33 4.4.4. Withdraw a Mitigation . . . . . . . . . . . . . . . . 33
4.5. DOTS Signal Channel Session Configuration . . . . . . . . 34 4.5. DOTS Signal Channel Session Configuration . . . . . . . . 34
4.5.1. Discover Configuration Parameters . . . . . . . . . . 36 4.5.1. Discover Configuration Parameters . . . . . . . . . . 36
4.5.2. Convey DOTS Signal Channel Session Configuration . . 39 4.5.2. Convey DOTS Signal Channel Session Configuration . . 41
4.5.3. Delete DOTS Signal Channel Session Configuration . . 45 4.5.3. Delete DOTS Signal Channel Session Configuration . . 45
4.6. Redirected Signaling . . . . . . . . . . . . . . . . . . 46 4.6. Redirected Signaling . . . . . . . . . . . . . . . . . . 46
4.7. Heartbeat Mechanism . . . . . . . . . . . . . . . . . . . 47 4.7. Heartbeat Mechanism . . . . . . . . . . . . . . . . . . . 47
5. DOTS Signal Channel YANG Module . . . . . . . . . . . . . . . 49 5. DOTS Signal Channel YANG Module . . . . . . . . . . . . . . . 49
5.1. Tree Structure . . . . . . . . . . . . . . . . . . . . . 49 5.1. Tree Structure . . . . . . . . . . . . . . . . . . . . . 49
5.2. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 51 5.2. YANG Module . . . . . . . . . . . . . . . . . . . . . . . 51
6. Mapping Parameters to CBOR . . . . . . . . . . . . . . . . . 66 6. Mapping Parameters to CBOR . . . . . . . . . . . . . . . . . 65
7. (D)TLS Protocol Profile and Performance Considerations . . . 67 7. (D)TLS Protocol Profile and Performance Considerations . . . 67
7.1. (D)TLS Protocol Profile . . . . . . . . . . . . . . . . . 67 7.1. (D)TLS Protocol Profile . . . . . . . . . . . . . . . . . 67
7.2. (D)TLS 1.3 Considerations . . . . . . . . . . . . . . . . 69 7.2. (D)TLS 1.3 Considerations . . . . . . . . . . . . . . . . 68
7.3. MTU and Fragmentation . . . . . . . . . . . . . . . . . . 70 7.3. MTU and Fragmentation . . . . . . . . . . . . . . . . . . 69
8. Mutual Authentication of DOTS Agents & Authorization of DOTS 8. Mutual Authentication of DOTS Agents & Authorization of DOTS
Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . 71 Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 72 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 72
9.1. DOTS Signal Channel UDP and TCP Port Number . . . . . . . 72 9.1. DOTS Signal Channel UDP and TCP Port Number . . . . . . . 72
9.2. Well-Known 'dots' URI . . . . . . . . . . . . . . . . . . 72 9.2. Well-Known 'dots' URI . . . . . . . . . . . . . . . . . . 72
9.3. CoAP Response Code . . . . . . . . . . . . . . . . . . . 73 9.3. CoAP Response Code . . . . . . . . . . . . . . . . . . . 72
9.4. DOTS Signal Channel CBOR Mappings Registry . . . . . . . 73 9.4. DOTS Signal Channel CBOR Mappings Registry . . . . . . . 73
9.4.1. Registration Template . . . . . . . . . . . . . . . . 73 9.4.1. Registration Template . . . . . . . . . . . . . . . . 73
9.4.2. Initial Registry Contents . . . . . . . . . . . . . . 74 9.4.2. Initial Registry Content . . . . . . . . . . . . . . 73
9.5. DOTS Signal Channel YANG Module . . . . . . . . . . . . . 80 9.5. DOTS Signal Channel YANG Module . . . . . . . . . . . . . 75
10. Implementation Status . . . . . . . . . . . . . . . . . . . . 80 10. Implementation Status . . . . . . . . . . . . . . . . . . . . 75
10.1. nttdots . . . . . . . . . . . . . . . . . . . . . . . . 81 10.1. nttdots . . . . . . . . . . . . . . . . . . . . . . . . 76
11. Security Considerations . . . . . . . . . . . . . . . . . . . 81 11. Security Considerations . . . . . . . . . . . . . . . . . . . 76
12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 82 12. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 77
13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 82 13. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 77
14. References . . . . . . . . . . . . . . . . . . . . . . . . . 82 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 78
14.1. Normative References . . . . . . . . . . . . . . . . . . 82 14.1. Normative References . . . . . . . . . . . . . . . . . . 78
14.2. Informative References . . . . . . . . . . . . . . . . . 85 14.2. Informative References . . . . . . . . . . . . . . . . . 80
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 89 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 84
1. Introduction 1. Introduction
A distributed denial-of-service (DDoS) attack is an attempt to make A distributed denial-of-service (DDoS) attack is an attempt to make
machines or network resources unavailable to their intended users. machines or network resources unavailable to their intended users.
In most cases, sufficient scale can be achieved by compromising In most cases, sufficient scale can be achieved by compromising
enough end-hosts and using those infected hosts to perpetrate and enough end-hosts and using those infected hosts to perpetrate and
amplify the attack. The victim in this attack can be an application amplify the attack. The victim in this attack can be an application
server, a host, a router, a firewall, or an entire network. server, a host, a router, a firewall, or an entire network.
skipping to change at page 7, line 25 skipping to change at page 7, line 25
or IPv6 transfer capabilities. A Happy Eyeballs procedure for DOTS or IPv6 transfer capabilities. A Happy Eyeballs procedure for DOTS
signal channel is specified in Section 4.3. signal channel is specified in Section 4.3.
Messages exchanged between DOTS agents are serialized using Concise Messages exchanged between DOTS agents are serialized using Concise
Binary Object Representation (CBOR) [RFC7049], CBOR is a binary Binary Object Representation (CBOR) [RFC7049], CBOR is a binary
encoding scheme designed for small code and message size. CBOR- encoding scheme designed for small code and message size. CBOR-
encoded payloads are used to carry signal channel-specific payload encoded payloads are used to carry signal channel-specific payload
messages which convey request parameters and response information messages which convey request parameters and response information
such as errors. In order to allow the use of the same data models, such as errors. In order to allow the use of the same data models,
[RFC7951] specifies the JSON encoding of YANG-modeled data. A [RFC7951] specifies the JSON encoding of YANG-modeled data. A
similar effort for CBOR is defined in [I-D.ietf-core-yang-cbor]. All similar effort for CBOR is defined in [I-D.ietf-core-yang-cbor].
parameters in the payload of the DOTS signal channel are mapped to
CBOR types as specified in Section 6.
From that standpoint, this document specifies a YANG data model for From that standpoint, this document specifies a YANG module for
representing mitigation scopes and DOTS signal channel session representing mitigation scopes and DOTS signal channel session
configuration data (Section 5). Representing these data as CBOR data configuration data (Section 5). Representing these data as CBOR data
is assumed to follow the rules in [I-D.ietf-core-yang-cbor] or those is assumed to follow the rules in [I-D.ietf-core-yang-cbor] or those
in [RFC7951] combined with JSON/CBOR conversion rules in [RFC7049]. in [RFC7951] combined with JSON/CBOR conversion rules in [RFC7049].
All parameters in the payload of the DOTS signal channel are mapped
to CBOR types as specified in Section 6.
In order to prevent fragmentation, DOTS agents must follow the In order to prevent fragmentation, DOTS agents must follow the
recommendations documented in Section 4.6 of [RFC7252]. Refer to recommendations documented in Section 4.6 of [RFC7252]. Refer to
Section 7.3 for more details. Section 7.3 for more details.
DOTS agents MUST support GET, PUT, and DELETE CoAP methods. The DOTS agents MUST support GET, PUT, and DELETE CoAP methods. The
payload included in CoAP responses with 2.xx and 3.xx Response Codes payload included in CoAP responses with 2.xx and 3.xx Response Codes
MUST be of content type "application/cbor" (Section 5.5.1 of MUST be of content type "application/cbor" (Section 5.5.1 of
[RFC7252]). CoAP responses with 4.xx and 5.xx error Response Codes [RFC7252]). CoAP responses with 4.xx and 5.xx error Response Codes
MUST include a diagnostic payload (Section 5.5.2 of [RFC7252]). The MUST include a diagnostic payload (Section 5.5.2 of [RFC7252]). The
skipping to change at page 9, line 8 skipping to change at page 9, line 8
4.2. CoAP URIs 4.2. CoAP URIs
The DOTS server MUST support the use of the path-prefix of "/.well- The DOTS server MUST support the use of the path-prefix of "/.well-
known/" as defined in [RFC5785] and the registered name of "dots". known/" as defined in [RFC5785] and the registered name of "dots".
Each DOTS operation is indicated by a path-suffix that indicates the Each DOTS operation is indicated by a path-suffix that indicates the
intended operation. The operation path (Table 1) is appended to the intended operation. The operation path (Table 1) is appended to the
path-prefix to form the URI used with a CoAP request to perform the path-prefix to form the URI used with a CoAP request to perform the
desired DOTS operation. desired DOTS operation.
+-----------------------+----------------+-------------+ +-----------------------+----------------+-------------+
| Operation | Operation path | Details | | Operation | Operation Path | Details |
+-----------------------+----------------+-------------+ +-----------------------+----------------+-------------+
| Mitigation | /v1/mitigate | Section 4.4 | | Mitigation | /v1/mitigate | Section 4.4 |
+-----------------------+----------------+-------------+ +-----------------------+----------------+-------------+
| Session configuration | /v1/config | Section 4.5 | | Session configuration | /v1/config | Section 4.5 |
+-----------------------+----------------+-------------+ +-----------------------+----------------+-------------+
Table 1: Operations and their Corresponding URIs Table 1: Operations and their Corresponding URIs
4.3. Happy Eyeballs for DOTS Signal Channel 4.3. Happy Eyeballs for DOTS Signal Channel
skipping to change at page 9, line 41 skipping to change at page 9, line 41
DOTS client may experience a significant connection delay compared to DOTS client may experience a significant connection delay compared to
an IPv4-only DOTS client. The other problem is that if a middlebox an IPv4-only DOTS client. The other problem is that if a middlebox
between the DOTS client and DOTS server is configured to block UDP between the DOTS client and DOTS server is configured to block UDP
traffic, the DOTS client will fail to establish a DTLS session with traffic, the DOTS client will fail to establish a DTLS session with
the DOTS server and, as a consequence, will have to fall back to TLS the DOTS server and, as a consequence, will have to fall back to TLS
over TCP, thereby incurring significant connection delays. over TCP, thereby incurring significant connection delays.
To overcome these connection setup problems, the DOTS client attempts To overcome these connection setup problems, the DOTS client attempts
to connect to its DOTS server(s) using both IPv6 and IPv4, and tries to connect to its DOTS server(s) using both IPv6 and IPv4, and tries
both DTLS over UDP and TLS over TCP in a manner similar to the Happy both DTLS over UDP and TLS over TCP in a manner similar to the Happy
Eyeballs mechanism [RFC6555]. These connection attempts are Eyeballs mechanism [RFC8305]. These connection attempts are
performed by the DOTS client when it initializes. The results of the performed by the DOTS client when it initializes. The results of the
Happy Eyeballs procedure are used by the DOTS client for sending its Happy Eyeballs procedure are used by the DOTS client for sending its
subsequent messages to the DOTS server. subsequent messages to the DOTS server.
The order of preference of DOTS signal channel address family and The order of preference of DOTS signal channel address family and
transport protocol (most preferred first) is: UDP over IPv6, UDP over transport protocol (most preferred first) is: UDP over IPv6, UDP over
IPv4, TCP over IPv6, and finally TCP over IPv4. This order adheres IPv4, TCP over IPv6, and finally TCP over IPv4. This order adheres
to the address preference order specified in [RFC6724] and the DOTS to the address preference order specified in [RFC6724] and the DOTS
signal channel preference which privileges the use of UDP over TCP signal channel preference which privileges the use of UDP over TCP
(to avoid TCP's head of line blocking). (to avoid TCP's head of line blocking).
skipping to change at page 12, line 11 skipping to change at page 12, line 11
server can enable mitigation on behalf of the DOTS client by server can enable mitigation on behalf of the DOTS client by
communicating the DOTS client's request to the mitigator and relaying communicating the DOTS client's request to the mitigator and relaying
selected mitigator feedback to the requesting DOTS client. selected mitigator feedback to the requesting DOTS client.
Header: PUT (Code=0.03) Header: PUT (Code=0.03)
Uri-Host: "host" Uri-Host: "host"
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "version" Uri-Path: "version"
Uri-Path: "mitigate" Uri-Path: "mitigate"
Uri-Path: "cuid=7dec-11d0-a765-00a0c91e6bf6@foo.bar.example" Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Path: "mitigation-id=123" Uri-Path: "mid=123"
Content-Type: "application/cbor" Content-Type: "application/cbor"
{ {
"ietf-dots-signal:mitigation-scope": { "ietf-dots-signal-channel:mitigation-scope": {
"scope": [ "scope": [
{ {
"target-prefix": [ "target-prefix": [
"string" "string"
], ],
"target-port-range": [ "target-port-range": [
{ {
"lower-port": integer, "lower-port": integer,
"upper-port": integer "upper-port": integer
} }
skipping to change at page 12, line 47 skipping to change at page 12, line 47
"string" "string"
], ],
"lifetime": integer "lifetime": integer
} }
] ]
} }
} }
Figure 5: PUT to Convey DOTS Mitigation Requests Figure 5: PUT to Convey DOTS Mitigation Requests
The parameters are described below: The Uri-Path option carries a major and minor version nomenclature to
manage versioning; DOTS signal channel in this specification uses
'v1' major version.
cuid: Stands for Client Unique Identifier. A unique identifier that The order of the Uri-Path options is important as it defines the CoAP
is meant to prevent collisions among DOTS clients from the same resource. In particular, 'mid' MUST follow 'cuid'.
domain. It MUST be generated by DOTS clients. A variety of
methods can be used to generate such identifier, e.g.,
cryptographic means [RFC4086], mimic the algorithm in [RFC4941],
prepend a timestamp to a randomly generated identifier, etc.
Implementations MAY use the form "identifier@host", for example
"7dec-11d0-a765-00a0c91e6bf6@foo.bar.example".
The CUID is intended to be stable when communicating with a given The additional Uri-Path parameters to those defined in Section 4.2
DOTS server, i.e., the CUID used by a DOTS client SHOULD NOT are as follows:
change over time. Distinct CUIDs MAY be used per DOTS server.
DOTS servers MUST treat CUIDs as opaque values and MUST only cuid: Stands for Client Unique Identifier. A globally unique
compare CUIDs for equality. That is, DOTS servers must not identifier that is meant to prevent collisions among DOTS clients,
interpret CUIDs. DOTS servers MUST return 4.09 (Conflict) error especially those from the same domain. It MUST be generated by
code to a DOTS peer to notify that the CUID is already in-use by DOTS clients.
another DOTS client of the same domain. Upon receipt of that
error code, a new CUID MUST be generated by the DOTS peer.
Client-domain DOTS gateways MUST handle CUID collision directly Implementations SHOULD use the output of a cryptographic hash
and it is RECOMMENDED that CUID collision is handled directly by algorithm whose input is the DER-encoded ASN.1 representation of
the Subject Public Key Info (SPKI) of the DOTS client X.509
certificate [RFC5280], the DOTS client raw public key [RFC7250],
or the "PSK identity" used by the DOTS client in the TLS
ClientKeyExchange message to set 'cuid'. In this version of the
specification, the cryptographic hash algorithm used is SHA-256
[RFC6234]. The output of the cryptographic hash algorithm is
truncated to 16 bytes; truncation is done by stripping off the
final 16 bytes. The truncated output is base64url encoded.
The 'cuid' is intended to be stable when communicating with a
given DOTS server, i.e., the 'cuid' used by a DOTS client SHOULD
NOT change over time. Distinct 'cuid' values MAY be used per DOTS
server.
DOTS servers MUST return 4.09 (Conflict) error code to a DOTS peer
to notify that the 'cuid' is already in-use by another DOTS
client. Upon receipt of that error code, a new 'cuid' MUST be
generated by the DOTS peer.
Client-domain DOTS gateways MUST handle 'cuid' collision directly
and it is RECOMMENDED that 'cuid' collision is handled directly by
server-domain DOTS gateways. server-domain DOTS gateways.
Client-domain DOTS gateways MAY rewrite the CUIDs used by internal DOTS gateways MAY rewrite the 'cuid' used by peer DOTS clients.
DOTS clients. Triggers for such rewriting are out of scope. Triggers for such rewriting are out of scope.
This is a mandatory attribute. This is a mandatory Uri-Path.
mitigation-id: Identifier for the mitigation request represented mid: Identifier for the mitigation request represented with an
with an integer. This identifier MUST be unique for each integer. This identifier MUST be unique for each mitigation
mitigation request bound to the DOTS client, i.e., the request bound to the DOTS client, i.e., the 'mid' parameter value
'mitigation-id' parameter value in the mitigation request needs to in the mitigation request needs to be unique relative to the 'mid'
be unique relative to the 'mitigation-id' parameter values of parameter values of active mitigation requests conveyed from the
active mitigation requests conveyed from the DOTS client to the DOTS client to the DOTS server.
DOTS server. This identifier MUST be generated by the DOTS
client. This document does not make any assumption about how this
identifier is generated.
This is a mandatory attribute. This identifier MUST be generated by the DOTS client. This
document does not make any assumption about how this identifier is
generated.
This is a mandatory Uri-Path parameter.
The parameters in the CBOR body of the PUT request are described
below:
target-prefix: A list of prefixes identifying resources under target-prefix: A list of prefixes identifying resources under
attack. Prefixes are represented using Classless Inter-Domain attack. Prefixes are represented using Classless Inter-Domain
Routing (CIDR) notation [RFC4632]. Routing (CIDR) notation [RFC4632].
As a reminder, the prefix length must be less than or equal to 32 As a reminder, the prefix length must be less than or equal to 32
(resp. 128) for IPv4 (resp. IPv6). (resp. 128) for IPv4 (resp. IPv6).
This is an optional attribute. This is an optional attribute.
target-port-range: A list of port numbers bound to resources under target-port-range: A list of port numbers bound to resources under
attack. attack.
The port range is defined by two bounds, a lower port number A port range is defined by two bounds, a lower port number (lower-
(lower-port) and an upper port number (upper-port). When only port) and an upper port number (upper-port). When only 'lower-
'lower-port' is present, it represents a single port number. For port' is present, it represents a single port number.
TCP, UDP, Stream Control Transmission Protocol (SCTP) [RFC4960],
or Datagram Congestion Control Protocol (DCCP) [RFC4340], the For TCP, UDP, Stream Control Transmission Protocol (SCTP)
range of ports can be, for example, 1024-65535. [RFC4960], or Datagram Congestion Control Protocol (DCCP)
[RFC4340], a range of ports can be, for example, 0-1023,
1024-65535, or 1024-49151.
This is an optional attribute. This is an optional attribute.
target-protocol: A list of protocols involved in an attack. Values target-protocol: A list of protocols involved in an attack. Values
are taken from the IANA protocol registry [proto_numbers]. are taken from the IANA protocol registry [proto_numbers].
The value '0' has a special meaning for 'all protocols'. The value '0' has a special meaning for 'all protocols'.
This is an optional attribute. This is an optional attribute.
target-fqdn: A list of Fully Qualified Domain Names (FQDNs) target-fqdn: A list of Fully Qualified Domain Names (FQDNs)
identifying resources under attack. An FQDN is the full name of a identifying resources under attack. An FQDN is the full name of a
resource, rather than just its hostname. For example, "venera" is resource, rather than just its hostname. For example, "venera" is
a hostname, and "venera.isi.edu" is an FQDN. a hostname, and "venera.isi.edu" is an FQDN [RFC1983].
This is an optional attribute. This is an optional attribute.
target-uri: A list of Uniform Resource Identifiers (URIs) [RFC3986] target-uri: A list of Uniform Resource Identifiers (URIs) [RFC3986]
identifying resources under attack. identifying resources under attack.
This is an optional attribute. This is an optional attribute.
alias-name: A list of aliases of resources for which the mitigation alias-name: A list of aliases of resources for which the mitigation
is requested. Aliases can be created using the DOTS data channel is requested. Aliases can be created using the DOTS data channel
(Section 6.1 of [I-D.ietf-dots-data-channel]), direct (Section 6.1 of [I-D.ietf-dots-data-channel]), direct
configuration, or other means. An alias is used in subsequent configuration, or other means.
signal channel exchanges to refer more efficiently to the
resources under attack. An alias is used in subsequent signal channel exchanges to refer
more efficiently to the resources under attack.
This is an optional attribute. This is an optional attribute.
lifetime: Lifetime of the mitigation request in seconds. The lifetime: Lifetime of the mitigation request in seconds. The
RECOMMENDED lifetime of a mitigation request is 3600 seconds (60 RECOMMENDED lifetime of a mitigation request is 3600 seconds (60
minutes) -- this value was chosen to be long enough so that minutes) -- this value was chosen to be long enough so that
refreshing is not typically a burden on the DOTS client, while refreshing is not typically a burden on the DOTS client, while
expiring the request where the client has unexpectedly quit in a expiring the request where the client has unexpectedly quit in a
timely manner. DOTS clients MUST include this parameter in their timely manner. DOTS clients MUST include this parameter in their
mitigation requests. Upon the expiry of this lifetime, and if the mitigation requests. Upon the expiry of this lifetime, and if the
skipping to change at page 15, line 18 skipping to change at page 15, line 37
returned in the response. DOTS clients MUST be prepared to not be returned in the response. DOTS clients MUST be prepared to not be
granted mitigations with indefinite lifetimes. granted mitigations with indefinite lifetimes.
The DOTS server MUST always indicate the actual lifetime in the The DOTS server MUST always indicate the actual lifetime in the
response and the remaining lifetime in status messages sent to the response and the remaining lifetime in status messages sent to the
DOTS client. DOTS client.
This is a mandatory attribute. This is a mandatory attribute.
In deployments where server-domain DOTS gateways are enabled, In deployments where server-domain DOTS gateways are enabled,
identity information about the origin source client domain has to be identity information about the origin source client domain SHOULD be
supplied to the DOTS server. That information is meant to assist the supplied to the DOTS server. That information is meant to assist the
DOTS server to enforce some policies. Figure 6 shows an example of a DOTS server to enforce some policies. These policies can be enforced
request relayed by a server-domain DOTS gateway. per-client, per-client domain, or both. Figure 6 shows an example of
a request relayed by a server-domain DOTS gateway.
Header: PUT (Code=0.03) Header: PUT (Code=0.03)
Uri-Host: "host" Uri-Host: "host"
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "version" Uri-Path: "v1"
Uri-Path: "mitigate" Uri-Path: "mitigate"
Uri-Path: "cuid=7dec-11d0-a765-00a0c91e6bf6@foo.bar.example" Uri-Path: "cdid=7eeaf349529eb55ed50113"
Uri-Path: "mitigation-id=123" Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Path: "mid=123"
Content-Type: "application/cbor" Content-Type: "application/cbor"
{ {
"ietf-dots-signal:mitigation-scope": { "ietf-dots-signal-channel:mitigation-scope": {
"client-domain-hash": "string",
"scope": [ "scope": [
{ {
"target-prefix": [ "target-prefix": [
"string" "string"
], ],
"target-port-range": [ "target-port-range": [
{ {
"lower-port": integer, "lower-port": integer,
"upper-port": integer "upper-port": integer
} }
skipping to change at page 16, line 49 skipping to change at page 16, line 49
], ],
"lifetime": integer "lifetime": integer
} }
] ]
} }
} }
Figure 6: PUT to Convey DOTS Mitigation Request as relayed by a Figure 6: PUT to Convey DOTS Mitigation Request as relayed by a
Server-Domain DOTS Gateway Server-Domain DOTS Gateway
The DOTS gateway may add the following parameter: A server-domain DOTS gateway SHOULD add the following Uri-Path
parameter:
client-domain-hash: The client identifier MAY be conveyed by a cdid: Stands for Client Domain IDentifier. The 'cdid' is conveyed
server-domain DOTS gateway to propagate the source domain identity by a server-domain DOTS gateway to propagate the source domain
from the gateway's client-side to the gateway's server-side, and identity from the gateway's client-facing-side to the gateway's
from the gateway's server-side to the DOTS server. 'client-domain- server-facing-side, and from the gateway's server-facing-side to
hash' MAY be used by the final DOTS server for policy enforcement the DOTS server. 'cdid' may be used by the final DOTS server for
purposes (e.g., enforce a quota on filtering rules). policy enforcement purposes (e.g., enforce a quota on filtering
rules). These policies are deployment-specific.
The 'client-domain-hash' value MUST be assigned by the server- Server-domain DOTS gateways SHOULD support a configuration option
domain DOTS gateway in a manner that ensures that there is zero to instruct whether 'cdid' parameter is to be inserted.
probability that the same value will be assigned to a different
client domain.
If the DOTS client is using the certificate provisioned by the In order to accommodate deployments that require enforcing per-
Enrollment over Secure Transport (EST) server [RFC7030] in the client policies, per-client domain policies, or a combination
DOTS gateway-domain to authenticate itself to the DOTS gateway, thereof, server-domain DOTS gateways MUST supply the SPKI hash of
the 'client-domain-hash' value may be the output of a the DOTS client X.509 certificate, the DOTS client raw public key,
cryptographic hash algorithm whose input is the DER-encoded ASN.1 or the hash of the "PSK identity" in the 'cdid', following the
representation of the Subject Public Key Info (SPKI) of an X.509 same rules for generating the hash conveyed in 'cuid', which is
certificate. In this version of the specification, the then used by the ultimate DOTS server to determine the
cryptographic hash algorithm used is SHA-256 [RFC6234]. The corresponding client's domain.
output of the cryptographic hash algorithm is truncated to 16
bytes; truncation is done by stripping off the final 16 bytes.
The truncated output is base64url encoded.
The 'client-domain-hash' attribute MUST NOT be generated and If a DOTS client is provisioned, for example, with distinct
included by DOTS clients. certificates as a function of the peer server-domain DOTS gateway,
distinct 'cdid' values may be supplied by a server-domain DOTS
gateway. The ultimate DOTS server MUST treat those 'cdid' values
as equivalent.
DOTS servers MUST ignore 'client-domain-hash' attributes that are The 'cdid' attribute MUST NOT be generated and included by DOTS
directly supplied by source DOTS clients or client-domain DOTS clients.
gateways. This implies that first server-domain DOTS gateways
MUST strip 'client-domain-hash' attributes supplied by DOTS
clients. DOTS servers MAY support a configuration parameter to
identify DOTS gateways that are trusted to supply 'client-domain-
hash' attributes.
Only singe-valued 'client-domain-hash' are defined in this DOTS servers MUST ignore 'cdid' attributes that are directly
document. supplied by source DOTS clients or client-domain DOTS gateways.
This implies that first server-domain DOTS gateways MUST strip
'cdid' attributes supplied by DOTS clients. DOTS servers SHOULD
support a configuration parameter to identify DOTS gateways that
are trusted to supply 'cdid' attributes.
This is an optional attribute. Only single-valued 'cdid' are defined in this document.
This is an optional Uri-Path.
The CBOR key values for the parameters are defined in Section 6.
Section 9 defines how the CBOR key values can be allocated for future
uses.
Because of the complexity to handle partial failure cases, this Because of the complexity to handle partial failure cases, this
specification does not allow for including multiple mitigation specification does not allow for including multiple mitigation
requests in the same PUT request. Concretely, a DOTS client MUST NOT requests in the same PUT request. Concretely, a DOTS client MUST NOT
include multiple 'scope' parameters in the same PUT request. include multiple 'scope' parameters in the same PUT request.
The CBOR key values for the parameters are defined in Section 6.
Section 9 defines how the CBOR key values can be allocated to
standard bodies and vendors.
FQDN and URI mitigation scopes may be thought of as a form of scope FQDN and URI mitigation scopes may be thought of as a form of scope
alias, in which the addresses to which the domain name or URI resolve alias, in which the addresses to which the domain name or URI resolve
represent the full scope of the mitigation. represent the full scope of the mitigation.
In the PUT request at least one of the attributes 'target-prefix' or In the PUT request at least one of the attributes 'target-prefix',
'target-fqdn' or 'target-uri 'or 'alias-name' MUST be present. 'target-fqdn','target-uri', or 'alias-name' MUST be present.
Attributes with empty values MUST NOT be present in a request.
The relative order of two mitigation requests from a DOTS client is Attributes and Uri-Path parameters with empty values MUST NOT be
determined by comparing their respective 'mitigation-id' values. If present in a request.
two mitigation requests have overlapping mitigation scopes, the
mitigation request with the highest numeric 'mitigation-id' value
will override the other mitigation request. Two mitigation-ids from
a DOTS client are overlapping if there is a common IP address, IP
prefix, FQDN, URI, or alias-name. To avoid maintaining a long list
of overlapping mitigation requests from a DOTS client and avoid
error-prone provisioning of mitigation requests from a DOTS client,
the overlapped lower numeric 'mitigation-id' MUST be automatically
deleted and no longer available at the DOTS server.
The Uri-Path option carries a major and minor version nomenclature to The relative order of two mitigation requests from a DOTS client is
manage versioning and DOTS signal channel in this specification uses determined by comparing their respective 'mid' values. If two
v1 major version. mitigation requests have overlapping mitigation scopes, the
mitigation request with the highest numeric 'mid' value will override
the other mitigation request. Two mitigation requests from a DOTS
client are overlapping if there is a common IP address, IP prefix,
FQDN, URI, or alias-name. To avoid maintaining a long list of
overlapping mitigation requests from a DOTS client and avoid error-
prone provisioning of mitigation requests from a DOTS client, the
overlapped lower numeric 'mid' MUST be automatically deleted and no
longer available at the DOTS server.
Figure 7 shows a PUT request example to signal that ports 80, 8080, Figure 7 shows a PUT request example to signal that ports 80, 8080,
and 443 used by 2001:db8:6401::1 and 2001:db8:6401::2 servers are and 443 used by 2001:db8:6401::1 and 2001:db8:6401::2 servers are
under attack (illustrated in JSON diagnostic notation). The presence under attack (illustrated in JSON diagnostic notation). The presence
of 'client-domain-hash' indicates that a server-domain DOTS gateway of 'cdid' indicates that a server-domain DOTS gateway has modified
has modified the initial PUT request sent by the DOTS client. the initial PUT request sent by the DOTS client.
Header: PUT (Code=0.03) Header: PUT (Code=0.03)
Uri-Host: "www.example.com" Uri-Host: "www.example.com"
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "v1" Uri-Path: "v1"
Uri-Path: "mitigate" Uri-Path: "mitigate"
Uri-Path: "cuid=7dec-11d0-a765-00a0c91e6bf6@foo.bar.example" Uri-Path: "cdid=7eeaf349529eb55ed50113"
Uri-Path: "mitigation-id=123" Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Path: "mid=123"
Content-Format: "application/cbor" Content-Format: "application/cbor"
{ {
"ietf-dots-signal:mitigation-scope": { "ietf-dots-signal-channel:mitigation-scope": {
"client-domain-hash": "dz6pHjaADkaFTbjr0JGBpw",
"scope": [ "scope": [
{ {
"target-prefix": [ "target-prefix": [
"2001:db8:6401::1/128", "2001:db8:6401::1/128",
"2001:db8:6401::2/128" "2001:db8:6401::2/128"
], ],
"target-port-range": [ "target-port-range": [
{ {
"lower-port": 80 "lower-port": 80
}, },
skipping to change at page 20, line 7 skipping to change at page 20, line 7
] ]
} }
} }
Figure 7: PUT for DOTS Mitigation Request Figure 7: PUT for DOTS Mitigation Request
The corresponding CBOR encoding format is shown in Figure 8. The corresponding CBOR encoding format is shown in Figure 8.
A1 # map(1) A1 # map(1)
01 # unsigned(1) 01 # unsigned(1)
A2 # map(2) A1 # map(1)
18 24 # unsigned(36)
76 # text(22)
647A3670486A6141446B614654626A72304A47427077 # "dz6pHjaADkaFTbjr0JGBpw"
02 # unsigned(2) 02 # unsigned(2)
81 # array(1) 81 # array(1)
A3 # map(3) A3 # map(3)
18 23 # unsigned(35) 18 23 # unsigned(35)
82 # array(2) 82 # array(2)
74 # text(20) 74 # text(20)
323030313A6462383A363430313A3A312F313238 # "2001:db8:6401::1/128" 323030313A6462383A363430313A3A312F313238 # "2001:db8:6401::1/128"
74 # text(20) 74 # text(20)
323030313A6462383A363430313A3A322F313238 # "2001:db8:6401::2/128" 323030313A6462383A363430313A3A322F313238 # "2001:db8:6401::2/128"
05 # unsigned(5) 05 # unsigned(5)
skipping to change at page 20, line 43 skipping to change at page 20, line 40
06 # unsigned(6) 06 # unsigned(6)
Figure 8: PUT for DOTS Mitigation Request (CBOR) Figure 8: PUT for DOTS Mitigation Request (CBOR)
In both DOTS signal and data channel sessions, the DOTS client MUST In both DOTS signal and data channel sessions, the DOTS client MUST
authenticate itself to the DOTS server (Section 8). The DOTS server authenticate itself to the DOTS server (Section 8). The DOTS server
may use the algorithm presented in Section 7 of [RFC7589] to derive may use the algorithm presented in Section 7 of [RFC7589] to derive
the DOTS client identity or username from the client certificate. the DOTS client identity or username from the client certificate.
The DOTS client identity allows the DOTS server to accept mitigation The DOTS client identity allows the DOTS server to accept mitigation
requests with scopes that the DOTS client is authorized to manage. requests with scopes that the DOTS client is authorized to manage.
The DOTS server couples the DOTS signal and data channel sessions The DOTS server couples the DOTS signal and data channel sessions
using the DOTS client identity or the 'client-domain-hash' parameter using the DOTS client identity (e.g., client certificate, 'cuid') and
value, so the DOTS server can validate whether the aliases conveyed optionally the 'cdid' parameter value, so the DOTS server can
in the mitigation request were indeed created by the same DOTS client validate whether the aliases conveyed in the mitigation request were
using the DOTS data channel session. If the aliases were not created indeed created by the same DOTS client using the DOTS data channel
by the DOTS client, the DOTS server MUST return 4.00 (Bad Request) in session. If the aliases were not created by the DOTS client, the
the response. DOTS server MUST return 4.00 (Bad Request) in the response.
The DOTS server couples the DOTS signal channel sessions using the The DOTS server couples the DOTS signal channel sessions using the
DOTS client identity or the 'client-domain-hash' parameter value, and DOTS client identity and optionally the 'cdid' parameter value, and
the DOTS server uses 'mitigation-id' and 'cuid' parameter values to the DOTS server uses 'mid' and 'cuid' Uri-Path parameter values to
detect duplicate mitigation requests. If the mitigation request detect duplicate mitigation requests. If the mitigation request
contains the alias-name and other parameters identifying the target contains the 'alias-name' and other parameters identifying the target
resources (such as, 'target-prefix', 'target-port-range', 'target- resources (such as 'target-prefix', 'target-port-range', 'target-
fqdn', or 'target-uri'), the DOTS server appends the parameter values fqdn', or 'target-uri'), the DOTS server appends the parameter values
in 'alias-name' with the corresponding parameter values in 'target- in 'alias-name' with the corresponding parameter values in 'target-
prefix', 'target-port-range', 'target-fqdn', or 'target-uri'. prefix', 'target-port-range', 'target-fqdn', or 'target-uri'.
The DOTS server indicates the result of processing the PUT request The DOTS server indicates the result of processing the PUT request
using CoAP response codes. CoAP 2.xx codes are success. CoAP 4.xx using CoAP response codes. CoAP 2.xx codes are success. CoAP 4.xx
codes are some sort of invalid requests (client errors). COAP 5.xx codes are some sort of invalid requests (client errors). COAP 5.xx
codes are returned if the DOTS server has erred or is currently codes are returned if the DOTS server has erred or is currently
unavailable to provide mitigation in response to the mitigation unavailable to provide mitigation in response to the mitigation
request from the DOTS client. request from the DOTS client.
Figure 9 shows an example of a PUT request that is successfully Figure 9 shows an example response to a PUT request that is
processed by a DOTS server (i.e., CoAP 2.xx response codes). successfully processed by a DOTS server (i.e., CoAP 2.xx response
codes). This PUT request is assumed to be relayed by a server-domain
DOTS gateway.
{ {
"ietf-dots-signal:mitigation-scope": { "ietf-dots-signal-channel:mitigation-scope": {
"client-domain-hash": "dz6pHjaADkaFTbjr0JGBpw", "cdid": "7eeaf349529eb55ed50113",
"scope": [ "scope": [
{ {
"mitigation-id": 12332, "mid": 12332,
"lifetime": 3600 "lifetime": 3600
} }
] ]
} }
} }
Figure 9: 2.xx Response Body Figure 9: 2.xx Response Body
If the request is missing one or more mandatory attributes, or If the request is missing a mandatory attribute, does not include
includes multiple 'scope' parameters, or contains invalid or unknown 'cuid' or 'mid' Uri-Path options, includes multiple 'scope'
parameters, the DOTS server MUST reply with 4.00 (Bad Request). DOTS parameters, or contains invalid or unknown parameters, the DOTS
agents can safely ignore Vendor-Specific parameters they don't server MUST reply with 4.00 (Bad Request). DOTS agents can safely
understand. ignore Vendor-Specific parameters they don't understand.
A DOTS server that receives a mitigation request with a lifetime set A DOTS server that receives a mitigation request with a lifetime set
to '0' MUST reply with a 4.00 (Bad Request). to '0' MUST reply with a 4.00 (Bad Request).
If the DOTS server does not find the 'mitigation-id' parameter value If the DOTS server does not find the 'mid' parameter value conveyed
conveyed in the PUT request in its configuration data, it MAY accept in the PUT request in its configuration data, it MAY accept the
the mitigation request by sending back a 2.01 (Created) response to mitigation request by sending back a 2.01 (Created) response to the
the DOTS client; the DOTS server will consequently try to mitigate DOTS client; the DOTS server will consequently try to mitigate the
the attack. attack.
If the DOTS server finds the 'mitigation-id' parameter value conveyed If the DOTS server finds the 'mid' parameter value conveyed in the
in the PUT request in its configuration data bound to that DOTS PUT request in its configuration data bound to that DOTS client, it
client, it MAY update the mitigation request, and a 2.04 (Changed) MAY update the mitigation request, and a 2.04 (Changed) response is
response is returned to indicate a successful update of the returned to indicate a successful update of the mitigation request.
mitigation request.
If the request is conflicting with an existing mitigation request If the request is conflicting with an existing mitigation request
from a different DOTS client, and the DOTS server decides to maintain from a different DOTS client, and the DOTS server decides to maintain
the conflicting mitigation request, the DOTS server returns 4.09 the conflicting mitigation request, the DOTS server returns 4.09
(Conflict) [RFC8132] to the requesting DOTS client. The response (Conflict) [RFC8132] to the requesting DOTS client. The response
includes enough information for a DOTS client to recognize the source includes enough information for a DOTS client to recognize the source
of the conflict as described below: of the conflict as described below:
conflict-information: Indicates that a mitigation request is conflict-information: Indicates that a mitigation request is
conflicting with another mitigation request(s) from other DOTS conflicting with another mitigation request(s) from other DOTS
skipping to change at page 22, line 49 skipping to change at page 22, line 48
following values are defined: following values are defined:
1: Overlapping targets. 'conflict-scope' provides more details 1: Overlapping targets. 'conflict-scope' provides more details
about the conflicting target clauses. about the conflicting target clauses.
2: Conflicts with an existing white list. This code is 2: Conflicts with an existing white list. This code is
returned when the DDoS mitigation detects source addresses/ returned when the DDoS mitigation detects source addresses/
prefixes in the white-listed ACLs are attacking the target. prefixes in the white-listed ACLs are attacking the target.
3: CUID Collision. This code is returned when a DOTS client 3: CUID Collision. This code is returned when a DOTS client
uses a CUID that is already used by another DOTS client of uses a 'cuid' that is already used by another DOTS client.
the same domain. This code is an indication that the This code is an indication that the request has been
request has been rejected and a new request with a new CUID rejected and a new request with a new 'cuid' is to be re-
is to be re-sent by the DOTS client. Note that 'conflict- sent by the DOTS client. Note that 'conflict-status',
status', 'conflict-scope', and 'retry-timer' are not 'conflict-scope', and 'retry-timer' are not returned in the
returned in the error response. error response.
conflict-scope: Indicates the conflict scope. It may include a conflict-scope: Indicates the conflict scope. It may include a
list of IP addresses, a list of prefixes, a list of port list of IP addresses, a list of prefixes, a list of port
numbers, a list of target protocols, a list of FQDNs, a list of numbers, a list of target protocols, a list of FQDNs, a list of
URIs, a list of alias-names, or references to conflicting ACLs. URIs, a list of alias-names, or references to conflicting ACLs.
retry-timer: Indicates, in seconds, the time after which the DOTS retry-timer: Indicates, in seconds, the time after which the DOTS
client may re-issue the same request. The DOTS server returns client may re-issue the same request. The DOTS server returns
'retry-timer' only to DOTS client(s) for which a mitigation 'retry-timer' only to DOTS client(s) for which a mitigation
request is deactivated. Any retransmission of the same request is deactivated. Any retransmission of the same
skipping to change at page 23, line 30 skipping to change at page 23, line 30
mitigation request resulting in the deactivation of the mitigation request resulting in the deactivation of the
conflicting mitigation request. The lifetime of the conflicting mitigation request. The lifetime of the
deactivated mitigation request will be updated to (retry-timer deactivated mitigation request will be updated to (retry-timer
+ 45 seconds), so the DOTS client can refresh the deactivated + 45 seconds), so the DOTS client can refresh the deactivated
mitigation request after retry-timer seconds before expiry of mitigation request after retry-timer seconds before expiry of
lifetime and check if the conflict is resolved. lifetime and check if the conflict is resolved.
For a mitigation request to continue beyond the initial negotiated For a mitigation request to continue beyond the initial negotiated
lifetime, the DOTS client has to refresh the current mitigation lifetime, the DOTS client has to refresh the current mitigation
request by sending a new PUT request. This PUT request MUST use the request by sending a new PUT request. This PUT request MUST use the
same 'mitigation-id' value, and MUST repeat all the other parameters same 'mid' value, and MUST repeat all the other parameters as sent in
as sent in the original mitigation request apart from a possible the original mitigation request apart from a possible change to the
change to the lifetime parameter value. lifetime parameter value.
The DOTS gateway, which inserted a 'client-domain-hash' attribute in The DOTS gateway that inserted a 'cdid' in a request, MUST strip the
a request, MUST strip the 'client-domain-hash' parameter in the 'cdid' parameter in the corresponding response before forwarding the
corresponding response before forwarding the response to the DOTS response to the DOTS client. If we consider the example depicted in
client. If we consider the example depicted in Figure 9, the message Figure 9, the message that will be relayed by the DOTS gateway is
that will be relayed by the DOTS gateway is shown in Figure 10. shown in Figure 10.
{ {
"ietf-dots-signal:mitigation-scope": { "ietf-dots-signal-channel:mitigation-scope": {
"scope": [ "scope": [
{ {
"mitigation-id": 12332, "mid": 12332,
"lifetime": 3600 "lifetime": 3600
} }
] ]
} }
} }
Figure 10: 2.xx Response Body Relayed by a DOTS Gateway Figure 10: 2.xx Response Body Relayed by a DOTS Gateway
4.4.2. Retrieve Information Related to a Mitigation 4.4.2. Retrieve Information Related to a Mitigation
A GET request is used by a DOTS client to retrieve information A GET request is used by a DOTS client to retrieve information
(including status) of DOTS mitigations from a DOTS server. (including status) of DOTS mitigations from a DOTS server.
The same considerations for manipulating 'client-domain-hash' 'cuid' is a mandatory Uri-Query parameter for GET requests.
parameter by server-domain DOTS gateways specified in Section 4.4.1
MUST be followed for GET requests.
If the DOTS server does not find the 'mitigation-id' parameter value Uri-Query parameters with empty values MUST NOT be present in a
conveyed in the GET request in its configuration data for the request.
requesting DOTS client or the one identified by 'client-domain-hash',
it MUST respond with a 4.04 (Not Found) error response code. The same considerations for manipulating 'cdid' parameter by server-
domain DOTS gateways specified in Section 4.4.1 MUST be followed for
GET requests.
If the DOTS server does not find the 'mid' Uri-Query value conveyed
in the GET request in its configuration data for the requesting DOTS
client, it MUST respond with a 4.04 (Not Found) error response code.
Likewise, the same error MUST be returned as a response to a request Likewise, the same error MUST be returned as a response to a request
to retrieve all mitigation records of a given DOTS client if the DOTS to retrieve all mitigation records (i.e., 'mid' Uri-Query is not
server does not find any mitigation record for that DOTS client or defined) of a given DOTS client if the DOTS server does not find any
the one identified by 'client-domain-hash'. mitigation record for that DOTS client. As a reminder, a DOTS client
is identified by its identity (e.g., client certificate, 'cuid') and
optionally the 'cdid'.
The 'c' (content) parameter and its permitted values defined in The 'c' (content) parameter and its permitted values defined in
[I-D.ietf-core-comi] can be used to retrieve non-configuration data [I-D.ietf-core-comi] can be used to retrieve non-configuration data
(attack mitigation status) or configuration data or both. The DOTS (attack mitigation status), configuration data, or both. The DOTS
server may support this optional filtering capability. It can safely server may support this optional filtering capability. It can safely
ignore it if not supported. ignore it if not supported.
The following examples illustrate how a DOTS client retrieves active The following examples illustrate how a DOTS client retrieves active
mitigation requests from a DOTS server. In particular: mitigation requests from a DOTS server. In particular:
o Figure 11 shows the example of a GET request to retrieve all DOTS o Figure 11 shows the example of a GET request to retrieve all DOTS
mitigation requests signaled by a DOTS client. mitigation requests signaled by a DOTS client.
o Figure 12 shows the example of a GET request to retrieve a o Figure 12 shows the example of a GET request to retrieve a
specific DOTS mitigation request signaled by a DOTS client. The specific DOTS mitigation request signaled by a DOTS client. The
configuration data to be reported in the response is formatted in configuration data to be reported in the response is formatted in
the same order it was processed by the DOTS server. the same order as was processed by the DOTS server in the original
mitigation request.
These two examples assume the default of "c=a"; that is, the DOTS These two examples assume the default of "c=a"; that is, the DOTS
client asks for all data to be reported by the DOTS server. client asks for all data to be reported by the DOTS server.
Header: GET (Code=0.01) Header: GET (Code=0.01)
Uri-Host: "host" Uri-Host: "host"
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "version" Uri-Path: "v1"
Uri-Path: "mitigate" Uri-Path: "mitigate"
Uri-Query: "cuid=7dec-11d0-a765-00a0c91e6bf6@foo.bar.example" Uri-Query: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Observe : 0 Observe: 0
Figure 11: GET to Retrieve all DOTS Mitigation Requests Figure 11: GET to Retrieve all DOTS Mitigation Requests
Header: GET (Code=0.01) Header: GET (Code=0.01)
Uri-Host: "host" Uri-Host: "host"
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "version" Uri-Path: "v1"
Uri-Path: "mitigate" Uri-Path: "mitigate"
Uri-Query: "cuid=7dec-11d0-a765-00a0c91e6bf6@foo.bar.example" Uri-Query: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Query: "mitigation-id=12332" Uri-Query: "mid=12332"
Observe : 0 Observe: 0
Figure 12: GET to Retrieve a Specific DOTS Mitigation Request Figure 12: GET to Retrieve a Specific DOTS Mitigation Request
Figure 13 shows a response example of all active mitigation requests Figure 13 shows a response example of all active mitigation requests
associated with the DOTS client on the DOTS server and the mitigation associated with the DOTS client as maintained by the DOTS server.
status of each mitigation request. The response indicates the mitigation status of each mitigation
request.
{ {
"ietf-dots-signal:mitigation-scope": { "ietf-dots-signal-channel:mitigation-scope": {
"scope": [ "scope": [
{ {
"mitigation-id": 12332, "mid": 12332,
"mitigation-start": 1507818434.00, "mitigation-start": 1507818434,
"target-prefix": [ "target-prefix": [
"2001:db8:6401::1/128", "2001:db8:6401::1/128",
"2001:db8:6401::2/128" "2001:db8:6401::2/128"
], ],
"target-protocol": [ "target-protocol": [
17 17
], ],
"lifetime": 1800, "lifetime": 1800,
"status": 2, "status": 2,
"bytes-dropped": 134334555, "bytes-dropped": 134334555,
"bps-dropped": 43344, "bps-dropped": 43344,
"pkts-dropped": 333334444, "pkts-dropped": 333334444,
"pps-dropped": 432432 "pps-dropped": 432432
}, },
{ {
"mitigation-id": 12333, "mid": 12333,
"mitigation-start": 1507818393.00, "mitigation-start": 1507818393,
"target-prefix": [ "target-prefix": [
"2001:db8:6401::1/128", "2001:db8:6401::1/128",
"2001:db8:6401::2/128" "2001:db8:6401::2/128"
], ],
"target-protocol": [ "target-protocol": [
6 6
], ],
"lifetime": 1800, "lifetime": 1800,
"status": 3, "status": 3,
"bytes-dropped": 0, "bytes-dropped": 0,
skipping to change at page 27, line 5 skipping to change at page 27, line 5
} }
} }
Figure 13: Response Body to a Get Request Figure 13: Response Body to a Get Request
The mitigation status parameters are described below: The mitigation status parameters are described below:
mitigation-start: Mitigation start time is expressed in seconds mitigation-start: Mitigation start time is expressed in seconds
relative to 1970-01-01T00:00Z in UTC time (Section 2.4.1 of relative to 1970-01-01T00:00Z in UTC time (Section 2.4.1 of
[RFC7049]). The encoding is modified so that the leading tag 1 [RFC7049]). The CBOR encoding is modified so that the leading tag
(epoch-based date/time) MUST be omitted. 1 (epoch-based date/time) MUST be omitted.
This is a mandatory attribute. This is a mandatory attribute.
lifetime: The remaining lifetime of the mitigation request, in lifetime: The remaining lifetime of the mitigation request, in
seconds. seconds.
This is a mandatory attribute. This is a mandatory attribute.
status: Status of attack mitigation. The various possible values of status: Status of attack mitigation. The various possible values of
'status' parameter are explained in Table 2. 'status' parameter are explained in Table 2.
This is a mandatory attribute. This is a mandatory attribute.
bytes-dropped: The total dropped byte count for the mitigation bytes-dropped: The total dropped byte count for the mitigation
request since the attack mitigation is triggered. The count wraps request since the attack mitigation is triggered. The count wraps
around when it reaches the maximum value of unsigned integer. around when it reaches the maximum value of unsigned integer64.
This is an optional attribute. This is an optional attribute.
bps-dropped: The average number of dropped bytes per second for the bps-dropped: The average number of dropped bytes per second for the
mitigation request since the attack mitigation is triggered. This mitigation request since the attack mitigation is triggered. This
SHOULD be a five-minute average. SHOULD be a five-minute average.
This is an optional attribute. This is an optional attribute.
pkts-dropped: The total number of dropped packet count for the pkts-dropped: The total number of dropped packet count for the
mitigation request since the attack mitigation is triggered. mitigation request since the attack mitigation is triggered. The
count wraps around when it reaches the maximum value of unsigned
integer64.
This is an optional attribute. This is an optional attribute.
pps-dropped: The average number of dropped packets per second for pps-dropped: The average number of dropped packets per second for
the mitigation request since the attack mitigation is triggered. the mitigation request since the attack mitigation is triggered.
This SHOULD be a five-minute average. This SHOULD be a five-minute average.
This is an optional attribute. This is an optional attribute.
+-----------+-------------------------------------------------------+ +-----------+-------------------------------------------------------+
| Parameter | Description | | Parameter | Description |
| value | | | Value | |
+-----------+-------------------------------------------------------+ +-----------+-------------------------------------------------------+
| 1 | Attack mitigation is in progress (e.g., changing the | | 1 | Attack mitigation is in progress (e.g., changing the |
| | network path to re-route the inbound traffic to DOTS | | | network path to re-route the inbound traffic to DOTS |
| | mitigator). | | | mitigator). |
+-----------+-------------------------------------------------------+ +-----------+-------------------------------------------------------+
| 2 | Attack is successfully mitigated (e.g., traffic is | | 2 | Attack is successfully mitigated (e.g., traffic is |
| | redirected to a DDoS mitigator and attack traffic is | | | redirected to a DDoS mitigator and attack traffic is |
| | dropped). | | | dropped). |
+-----------+-------------------------------------------------------+ +-----------+-------------------------------------------------------+
| 3 | Attack has stopped and the DOTS client can withdraw | | 3 | Attack has stopped and the DOTS client can withdraw |
skipping to change at page 28, line 35 skipping to change at page 28, line 35
+-----------+-------------------------------------------------------+ +-----------+-------------------------------------------------------+
| 6 | Attack mitigation is now terminated. | | 6 | Attack mitigation is now terminated. |
+-----------+-------------------------------------------------------+ +-----------+-------------------------------------------------------+
| 7 | Attack mitigation is withdrawn. | | 7 | Attack mitigation is withdrawn. |
+-----------+-------------------------------------------------------+ +-----------+-------------------------------------------------------+
| 8 | Attack mitigation is rejected. | | 8 | Attack mitigation is rejected. |
+-----------+-------------------------------------------------------+ +-----------+-------------------------------------------------------+
Table 2: Values of 'status' Parameter Table 2: Values of 'status' Parameter
The observe option defined in [RFC7641] extends the CoAP core The Observe Option defined in [RFC7641] extends the CoAP core
protocol with a mechanism for a CoAP client to "observe" a resource protocol with a mechanism for a CoAP client to "observe" a resource
on a CoAP server: The client retrieves a representation of the on a CoAP server: The client retrieves a representation of the
resource and requests this representation be updated by the server as resource and requests this representation be updated by the server as
long as the client is interested in the resource. A DOTS client long as the client is interested in the resource. A DOTS client
conveys the observe option set to '0' in the GET request to receive conveys the Observe Option set to '0' in the GET request to receive
unsolicited notifications of attack mitigation status from the DOTS unsolicited notifications of attack mitigation status from the DOTS
server. server.
Unidirectional notifications within the bidirectional signal channel Unidirectional notifications within the bidirectional signal channel
allows unsolicited message delivery, enabling asynchronous allows unsolicited message delivery, enabling asynchronous
notifications between the agents. Due to the higher likelihood of notifications between the agents. Due to the higher likelihood of
packet loss during a DDoS attack, the DOTS server periodically sends packet loss during a DDoS attack, the DOTS server periodically sends
attack mitigation status to the DOTS client and also notifies the attack mitigation status to the DOTS client and also notifies the
DOTS client whenever the status of the attack mitigation changes. If DOTS client whenever the status of the attack mitigation changes. If
the DOTS server cannot maintain a RTT estimate, it SHOULD NOT send the DOTS server cannot maintain an RTT estimate, it SHOULD NOT send
more than one unsolicited notification every 3 seconds, and SHOULD more than one unsolicited notification every 3 seconds, and SHOULD
use an even less aggressive rate whenever possible (case 2 in use an even less aggressive rate whenever possible (case 2 in
Section 3.1.3 of [RFC8085]). The DOTS server MUST use the same CUID Section 3.1.3 of [RFC8085]).
as the one used by the DOTS client to observe a mitigation request.
When conflicting requests are detected, the DOTS server enforces the When conflicting requests are detected, the DOTS server enforces the
corresponding policy (e.g., accept all requests, reject all requests, corresponding policy (e.g., accept all requests, reject all requests,
accept only one request but reject all the others, ...). It is accept only one request but reject all the others, ...). It is
assumed that this policy is supplied by the DOTS server administrator assumed that this policy is supplied by the DOTS server administrator
or it is a default behavior of the DOTS server implementation. Then, or it is a default behavior of the DOTS server implementation. Then,
the DOTS server sends notification message(s) to the DOTS client(s) the DOTS server sends notification message(s) to the DOTS client(s)
at the origin of the conflict. A conflict notification message at the origin of the conflict (refer to the conflict parameters
includes information about the conflict cause, scope, and the status defined in Section 4.4.1). A conflict notification message includes
of the mitigation request(s). For example, information about the conflict cause, scope, and the status of the
mitigation request(s). For example,
o A notification message with status code set to '8 (Attack o A notification message with 'status' code set to '8 (Attack
mitigation is rejected)' and 'conflict-status' set to '1' is sent mitigation is rejected)' and 'conflict-status' set to '1' is sent
to a DOTS client to indicate that this mitigation request is to a DOTS client to indicate that this mitigation request is
rejected because a conflict is detected. rejected because a conflict is detected.
o A notification message with status code set to '7 (Attack o A notification message with 'status' code set to '7 (Attack
mitigation is withdrawn)' and 'conflict-status' set to '1' is sent mitigation is withdrawn)' and 'conflict-status' set to '1' is sent
to a DOTS client to indicate that an active mitigation request is to a DOTS client to indicate that an active mitigation request is
deactivated because a conflict is detected. deactivated because a conflict is detected.
o A notification message with status code set to '1 (Attack o A notification message with 'status' code set to '1 (Attack
mitigation is in progress)' and 'conflict-status' set to '2' is mitigation is in progress)' and 'conflict-status' set to '2' is
sent to a DOTS client to indicate that this mitigation request is sent to a DOTS client to indicate that this mitigation request is
in progress, but a conflict is detected. in progress, but a conflict is detected.
Upon receipt of a conflict notification message indicating that a Upon receipt of a conflict notification message indicating that a
mitigation request is deactivated because of a conflict, a DOTS mitigation request is deactivated because of a conflict, a DOTS
client MUST NOT resend the same mitigation request before the expiry client MUST NOT resend the same mitigation request before the expiry
of 'retry-timer'. It is also recommended that DOTS clients support of 'retry-timer'. It is also recommended that DOTS clients support
means to alert administrators about mitigation conflicts. means to alert administrators about mitigation conflicts.
skipping to change at page 30, line 5 skipping to change at page 30, line 5
recognize the token in the message and thus will return a Reset recognize the token in the message and thus will return a Reset
message. This causes the DOTS server to remove the associated entry. message. This causes the DOTS server to remove the associated entry.
Alternatively, the DOTS client can explicitly deregister itself by Alternatively, the DOTS client can explicitly deregister itself by
issuing a GET request that has the Token field set to the token of issuing a GET request that has the Token field set to the token of
the observation to be cancelled and includes an Observe Option with the observation to be cancelled and includes an Observe Option with
the value set to '1' (deregister). the value set to '1' (deregister).
Figure 14 shows an example of a DOTS client requesting a DOTS server Figure 14 shows an example of a DOTS client requesting a DOTS server
to send notifications related to a given mitigation request. to send notifications related to a given mitigation request.
+-----------+ +-----------+ +-----------+ +-----------+
|DOTS client| |DOTS server| |DOTS client| |DOTS server|
+-----------+ +-----------+ +-----------+ +-----------+
| | | |
| GET /<mitigation-id number> | | GET /<mid> |
| Token: 0x4a | Registration | Token: 0x4a | Registration
| Observe: 0 | | Observe: 0 |
+------------------------------>| +---------------------------------->|
| | | |
| 2.05 Content | | 2.05 Content |
| Token: 0x4a | Notification of | Token: 0x4a | Notification of
| Observe: 12 | the current state | Observe: 12 | the current state
| status: "mitigation | | status: "mitigation in progress" |
| in progress" | | |
|<------------------------------+ |<----------------------------------+
| 2.05 Content | | 2.05 Content |
| Token: 0x4a | Notification upon | Token: 0x4a | Notification upon
| Observe: 44 | a state change | Observe: 44 | a state change
| status: "mitigation | | status: "mitigation complete" |
| complete" | | |
|<------------------------------+ |<----------------------------------+
| 2.05 Content | | 2.05 Content |
| Token: 0x4a | Notification upon | Token: 0x4a | Notification upon
| Observe: 60 | a state change | Observe: 60 | a state change
| status: "attack stopped" | | status: "attack stopped" |
|<------------------------------+ |<----------------------------------+
| | | |
Figure 14: Notifications of Attack Mitigation Status Figure 14: Notifications of Attack Mitigation Status
4.4.2.1. Mitigation Status 4.4.2.1. DOTS Clients Polling for Mitigation Status
The DOTS client can send the GET request at frequent intervals The DOTS client can send the GET request at frequent intervals
without the Observe option to retrieve the configuration data of the without the Observe Option to retrieve the configuration data of the
mitigation request and non-configuration data (i.e., the attack mitigation request and non-configuration data (i.e., the attack
status). The frequency of polling the DOTS server to get the status). The frequency of polling the DOTS server to get the
mitigation status should follow the transmission guidelines given in mitigation status SHOULD follow the transmission guidelines in
Section 3.1.3 of [RFC8085]. If the DOTS server has been able to Section 3.1.3 of [RFC8085].
mitigate the attack and the attack has stopped, the DOTS server
indicates as such in the status, and the DOTS client recalls the If the DOTS server has been able to mitigate the attack and the
mitigation request by issuing a DELETE request for the 'mitigation- attack has stopped, the DOTS server indicates as such in the status.
id'. In such case, the DOTS client recalls the mitigation request by
issuing a DELETE request for this mitigation request (Section 4.4.4).
A DOTS client SHOULD react to the status of the attack as per the A DOTS client SHOULD react to the status of the attack as per the
information sent by the DOTS server rather than acknowledging by information sent by the DOTS server rather than acknowledging by
itself, using its own means, that the attack has been mitigated. itself, using its own means, that the attack has been mitigated.
This ensures that the DOTS client does not recall a mitigation This ensures that the DOTS client does not recall a mitigation
request prematurely because it is possible that the DOTS client does request prematurely because it is possible that the DOTS client does
not sense the DDoS attack on its resources but the DOTS server could not sense the DDoS attack on its resources, but the DOTS server could
be actively mitigating the attack and the attack is not completely be actively mitigating the attack because the attack is not
averted. completely averted.
4.4.3. Efficacy Update from DOTS Clients 4.4.3. Efficacy Update from DOTS Clients
While DDoS mitigation is active, due to the likelihood of packet While DDoS mitigation is active, due to the likelihood of packet
loss, a DOTS client MAY periodically transmit DOTS mitigation loss, a DOTS client MAY periodically transmit DOTS mitigation
efficacy updates to the relevant DOTS server. A PUT request is used efficacy updates to the relevant DOTS server. A PUT request is used
to convey the mitigation efficacy update to the DOTS server. to convey the mitigation efficacy update to the DOTS server.
The PUT request MUST include all the parameters used in the PUT The PUT request used for efficacy update MUST include all the
request to carry the DOTS mitigation request (Section 4.4.1) parameters used in the PUT request to carry the DOTS mitigation
unchanged apart from the lifetime parameter value. If this is not request (Section 4.4.1) unchanged apart from the 'lifetime' parameter
the case, the DOTS server MUST reject the request with a 4.00 (Bad value. If this is not the case, the DOTS server MUST reject the
Request). request with a 4.00 (Bad Request).
The If-Match Option (Section 5.10.8.1 of [RFC7252]) with an empty The If-Match Option (Section 5.10.8.1 of [RFC7252]) with an empty
value is used to make the PUT request conditional on the current value is used to make the PUT request conditional on the current
existence of the mitigation request. If UDP is used as transport, existence of the mitigation request. If UDP is used as transport,
CoAP requests may arrive out-of-order. For example, the DOTS client CoAP requests may arrive out-of-order. For example, the DOTS client
may send a PUT request to convey an efficacy update to the DOTS may send a PUT request to convey an efficacy update to the DOTS
server followed by a DELETE request to withdraw the mitigation server followed by a DELETE request to withdraw the mitigation
request, but the DELETE request arrives at the DOTS server before the request, but the DELETE request arrives at the DOTS server before the
PUT request. To handle out-of-order delivery of requests, if an If- PUT request. To handle out-of-order delivery of requests, if an If-
Match option is present in the PUT request and the 'mitigation-id' in Match Option is present in the PUT request and the 'mid' in the
the request matches a mitigation request from that DOTS client, then request matches a mitigation request from that DOTS client, the
the request is processed. If no match is found, the PUT request is request is processed by the DOTS server. If no match is found, the
silently ignored. PUT request is silently ignored by the DOTS server.
An example of an efficacy update message, which includes an If-Match An example of an efficacy update message, which includes an If-Match
option with an empty value, is depicted in Figure 15. Option with an empty value, is depicted in Figure 15.
Header: PUT (Code=0.03) Header: PUT (Code=0.03)
Uri-Host: "host" Uri-Host: "host"
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "version" Uri-Path: "v1"
Uri-Path: "mitigate" Uri-Path: "mitigate"
Uri-Path: "cuid=7dec-11d0-a765-00a0c91e6bf6@foo.bar.example" Uri-Path: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Path: "mitigation-id=123" Uri-Path: "mid=123"
Content-Format: "application/cbor" Content-Format: "application/cbor"
If-Match: If-Match:
{ {
"ietf-dots-signal:mitigation-scope": { "ietf-dots-signal-channel:mitigation-scope": {
"scope": [ "scope": [
{ {
"target-prefix": [ "target-prefix": [
"string" "string"
], ],
"target-port-range": [ "target-port-range": [
{ {
"lower-port": integer, "lower-port": integer,
"upper-port": integer "upper-port": integer
} }
skipping to change at page 33, line 28 skipping to change at page 33, line 28
The DOTS server indicates the result of processing a PUT request The DOTS server indicates the result of processing a PUT request
using CoAP response codes. The response code 2.04 (Changed) is using CoAP response codes. The response code 2.04 (Changed) is
returned if the DOTS server has accepted the mitigation efficacy returned if the DOTS server has accepted the mitigation efficacy
update. The error response code 5.03 (Service Unavailable) is update. The error response code 5.03 (Service Unavailable) is
returned if the DOTS server has erred or is incapable of performing returned if the DOTS server has erred or is incapable of performing
the mitigation. the mitigation.
4.4.4. Withdraw a Mitigation 4.4.4. Withdraw a Mitigation
A DELETE request is used to withdraw a DOTS mitigation request from a DELETE requests are used to withdraw DOTS mitigation requests from
DOTS server (Figure 16). DOTS servers (Figure 16).
The same considerations for manipulating 'client-domain-hash' 'cuid' and 'mid' are mandatory Uri-Query parameters for DELETE
parameter by DOTS gateways, as specified in Section 4.4.1, MUST be requests.
followed for DELETE requests.
The same considerations for manipulating 'cdid' parameter by DOTS
gateways, as specified in Section 4.4.1, MUST be followed for DELETE
requests. Uri-Query parameters with empty values MUST NOT be present
in a request.
Header: DELETE (Code=0.04) Header: DELETE (Code=0.04)
Uri-Host: "host" Uri-Host: "host"
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "version" Uri-Path: "v1"
Uri-Path: "mitigate" Uri-Path: "mitigate"
Uri-Query: "cuid=7dec-11d0-a765-00a0c91e6bf6@foo.bar.example" Uri-Query: "cuid=dz6pHjaADkaFTbjr0JGBpw"
Uri-Query: "mitigation-id=123" Uri-Query: "mid=123"
Figure 16: Withdraw a DOTS Mitigation Figure 16: Withdraw a DOTS Mitigation
If the request does not include a 'mitigation-id' parameter, the DOTS If the DELETE request does not include 'cuid' and 'mid' parameters,
server MUST reply with a 4.00 (Bad Request). the DOTS server MUST reply with a 4.00 (Bad Request).
Once the request is validated, the DOTS server immediately Once the request is validated, the DOTS server immediately
acknowledges a DOTS client's request to withdraw the DOTS signal acknowledges a DOTS client's request to withdraw the DOTS signal
using 2.02 (Deleted) response code with no response payload. A 2.02 using 2.02 (Deleted) response code with no response payload. A 2.02
(Deleted) Response Code is returned even if the 'mitigation-id' (Deleted) Response Code is returned even if the 'mid' parameter value
parameter value conveyed in the DELETE request does not exist in its conveyed in the DELETE request does not exist in its configuration
configuration data before the request. data before the request.
If the DOTS server finds the 'mitigation-id' parameter value conveyed If the DOTS server finds the 'mid' parameter value conveyed in the
in the DELETE request in its configuration data for the DOTS client, DELETE request in its configuration data for the DOTS client, then to
then to protect against route or DNS flapping caused by a DOTS client protect against route or DNS flapping caused by a DOTS client rapidly
rapidly removing a mitigation, and to dampen the effect of removing a mitigation, and to dampen the effect of oscillating
oscillating attacks, the DOTS server MAY allow mitigation to continue attacks, the DOTS server MAY allow mitigation to continue for a
for a limited period after acknowledging a DOTS client's withdrawal limited period after acknowledging a DOTS client's withdrawal of a
of a mitigation request. During this period, the DOTS server status mitigation request. During this period, the DOTS server status
messages SHOULD indicate that mitigation is active but terminating messages SHOULD indicate that mitigation is active but terminating
(Section 4.4.2). (Section 4.4.2).
The initial active-but-terminating period SHOULD be sufficiently long The initial active-but-terminating period SHOULD be sufficiently long
to absorb latency incurred by route propagation. The active-but- to absorb latency incurred by route propagation. The active-but-
terminating period SHOULD be set by default to 120 seconds. If the terminating period SHOULD be set by default to 120 seconds. If the
client requests mitigation again before the initial active-but- client requests mitigation again before the initial active-but-
terminating period elapses, the DOTS server MAY exponentially terminating period elapses, the DOTS server MAY exponentially
increase the active-but- terminating period up to a maximum of 300 increase the active-but-terminating period up to a maximum of 300
seconds (5 minutes). seconds (5 minutes).
After the active-but-terminating period elapses, the DOTS server MUST After the active-but-terminating period elapses, the DOTS server MUST
treat the mitigation as terminated, as the DOTS client is no longer treat the mitigation as terminated, as the DOTS client is no longer
responsible for the mitigation. For example, if there is a financial responsible for the mitigation. For example, if there is a financial
relationship between the DOTS client and server domains, the DOTS relationship between the DOTS client and server domains, the DOTS
client stops incurring cost at this point. client stops incurring cost at this point.
4.5. DOTS Signal Channel Session Configuration 4.5. DOTS Signal Channel Session Configuration
A DOTS client can negotiate, configure, and retrieve the DOTS signal A DOTS client can negotiate, configure, and retrieve the DOTS signal
channel session behavior. The DOTS signal channel can be used, for channel session behavior with its DOTS peers. The DOTS signal
example, to configure the following: channel can be used, for example, to configure the following:
a. Heartbeat interval (heartbeat-interval): DOTS agents regularly a. Heartbeat interval (heartbeat-interval): DOTS agents regularly
send heartbeats (CoAP Ping/Pong) to each other after mutual send heartbeats (CoAP Ping/Pong) to each other after mutual
authentication is successfully completed in order to keep the authentication is successfully completed in order to keep the
DOTS signal channel open. Heartbeat messages are exchanged DOTS signal channel open. Heartbeat messages are exchanged
between DOTS agents every 'heartbeat-interval' seconds to detect between DOTS agents every 'heartbeat-interval' seconds to detect
the current status of the DOTS signal channel session. the current status of the DOTS signal channel session.
b. Missing heartbeats allowed (missing-hb-allowed): This variable b. Missing heartbeats allowed (missing-hb-allowed): This variable
indicates the maximum number of consecutive heartbeat messages indicates the maximum number of consecutive heartbeat messages
skipping to change at page 36, line 20 skipping to change at page 36, line 20
between a DOTS client and its immediate peer DOTS server. As such, between a DOTS client and its immediate peer DOTS server. As such,
this GET request MUST NOT be relayed by an on-path DOTS gateway. this GET request MUST NOT be relayed by an on-path DOTS gateway.
Figure 17 shows how to obtain acceptable configuration parameters for Figure 17 shows how to obtain acceptable configuration parameters for
the DOTS server. the DOTS server.
Header: GET (Code=0.01) Header: GET (Code=0.01)
Uri-Host: "host" Uri-Host: "host"
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "version" Uri-Path: "v1"
Uri-Path: "config" Uri-Path: "config"
Figure 17: GET to Retrieve Configuration Figure 17: GET to Retrieve Configuration
The DOTS server in the 2.05 (Content) response conveys the current, The DOTS server in the 2.05 (Content) response conveys the current,
minimum, and maximum attribute values acceptable by the DOTS server minimum, and maximum attribute values acceptable by the DOTS server
(Figure 18). (Figure 18).
Content-Format: "application/cbor" Content-Format: "application/cbor"
{ {
"ietf-dots-signal:signal-config": { "ietf-dots-signal-channel:signal-config": {
"mitigating-config": { "mitigating-config": {
"heartbeat-interval": { "heartbeat-interval": {
"current-value": integer, "max-value": integer,
"min-value": integer, "min-value": integer,
"max-value": integer "current-value": integer
}, },
"missing-hb-allowed": { "missing-hb-allowed": {
"current-value": integer, "max-value": integer,
"min-value": integer, "min-value": integer,
"max-value": integer "current-value": integer
}, },
"max-retransmit": { "max-retransmit": {
"current-value": integer, "max-value": integer,
"min-value": integer, "min-value": integer,
"max-value": integer "current-value": integer
}, },
"ack-timeout": { "ack-timeout": {
"current-value": integer, "max-value": integer,
"min-value": integer, "min-value": integer,
"max-value": integer "current-value": integer
}, },
"ack-random-factor": { "ack-random-factor": {
"current-value-decimal": number, "max-value-decimal": number,
"min-value-decimal": number, "min-value-decimal": number,
"max-value-decimal": number "current-value-decimal": number
} }
}, },
"idle-config": { "idle-config": {
"heartbeat-interval": { "heartbeat-interval": {
"current-value": integer, "max-value": integer,
"min-value": integer, "min-value": integer,
"max-value": integer "current-value": integer
}, },
"missing-hb-allowed": { "missing-hb-allowed": {
"current-value": integer, "max-value": integer,
"min-value": integer, "min-value": integer,
"max-value": integer "current-value": integer
}, },
"max-retransmit": { "max-retransmit": {
"current-value": integer, "max-value": integer,
"min-value": integer, "min-value": integer,
"max-value": integer "current-value": integer
}, },
"ack-timeout": { "ack-timeout": {
"current-value": integer, "max-value": integer,
"min-value": integer, "min-value": integer,
"max-value": integer "current-value": integer
}, },
"ack-random-factor": { "ack-random-factor": {
"current-value-decimal": number, "max-value-decimal": number,
"min-value-decimal": number, "min-value-decimal": number,
"max-value-decimal": number "current-value-decimal": number
} }
}, },
"trigger-mitigation": { "trigger-mitigation": boolean,
"current-value": boolean "config-interval": integer
}
} }
} }
Figure 18: GET Configuration Response Body Figure 18: GET Configuration Response Body
The parameters in Figure 18 are described below:
mitigation-config: Set of configuration parameters to use when a
mitigation is active. The following parameters may be included:
heartbeat-interval: Time interval in seconds between two
consecutive heartbeat messages.
'0' is used to disable the heartbeat mechanism.
This is an optional attribute.
missing-hb-allowed: Maximum number of consecutive heartbeat
messages for which the DOTS agent did not receive a response
before concluding that the session is disconnected.
This is an optional attribute.
max-retransmit: Maximum number of retransmissions for a message
(referred to as MAX_RETRANSMIT parameter in CoAP).
This is an optional attribute.
ack-timeout: Timeout value in seconds used to calculate the
initial retransmission timeout value (referred to as
ACK_TIMEOUT parameter in CoAP).
This is an optional attribute.
ack-random-factor: Random factor used to influence the timing of
retransmissions (referred to as ACK_RANDOM_FACTOR parameter in
CoAP).
This is an optional attribute.
idle-config: Set of configuration parameters to use when no
mitigation is active. This attribute has the same structure as
'mitigating-config'.
trigger-mitigation: If the parameter value is set to 'false', then
DDoS mitigation is triggered only when the DOTS signal channel
session is lost. Automated mitigation on loss of signal is
discussed in Section 3.3.3 of [I-D.ietf-dots-architecture].
If the DOTS client ceases to respond to heartbeat messages, the
DOTS server can detect that the DOTS session is lost.
The default value of the parameter is 'true'.
This is an optional attribute.
config-interval: This parameter is returned to indicate the time
interval expressed in seconds, which a DOTS agent must wait for
before re-contacting its peer in order to retrieve the signal
channel configuration data. This parameter is only valid for a
GET response. It MUST NOT be used in a PUT request.
'0' is used to disable this configuration refresh mechanism.
If a non-zero value of 'config-interval' is received by a DOTS
client, it has to issue a PUT request to refresh the configuration
parameters for the signal channel before the expiry of 'config-
interval'. When a DDoS attack is active, refresh requests MUST
NOT be sent by DOTS clients and the DOTS server MUST NOT terminate
the (D)TLS session after the expiry of 'config-interval'.
This mechanism allows updating the configuration data if a change
occurs at the DOTS server side. For example, the new
configuration may instruct a DOTS client to cease heartbeats or
reduce heartbeat frequency.
If this parameter is not returned, this is equivalent to receiving
a 'config-interval' value set to '0'.
If a DOTS server detects that a misbehaving DOTS client does not
contact the DOTS server after the expiry of 'config-interval', in
order to retrieve the signal channel configuration data, it MAY
terminate the (D)TLS session. A (D)TLS session is terminated by
the receipt of an authenticated message that closes the connection
(e.g., a fatal alert (Section 7.2 of [RFC5246])).
This is an optional attribute.
Figure 19 shows an example of acceptable and current configuration Figure 19 shows an example of acceptable and current configuration
parameters on a DOTS server for DOTS signal channel session parameters on a DOTS server for DOTS signal channel session
configuration. The same acceptable configuration is used during configuration. The same acceptable configuration is used during
attack and peace times. attack and peace times.
Content-Format: "application/cbor" Content-Format: "application/cbor"
{ {
"ietf-dots-signal:signal-config": { "ietf-dots-signal-channel:signal-config": {
"mitigating-config": { "mitigating-config": {
"heartbeat-interval": { "heartbeat-interval": {
"current-value": 30, "max-value": 240,
"min-value": 15, "min-value": 15,
"max-value": 240 "current-value": 30
}, },
"missing-hb-allowed": { "missing-hb-allowed": {
"current-value": 5, "max-value": 9,
"min-value": 3, "min-value": 3,
"max-value": 9 "current-value": 5
}, },
"max-retransmit": { "max-retransmit": {
"current-value": 3, "max-value": 15,
"min-value": 2, "min-value": 2,
"max-value": 15 "current-value": 3
}, },
"ack-timeout": { "ack-timeout": {
"current-value": 2, "max-value": 30,
"min-value": 1, "min-value": 1,
"max-value": 30 "current-value": 2
}, },
"ack-random-factor": { "ack-random-factor": {
"current-value-decimal": 1.5, "max-value-decimal": 4.0,
"min-value-decimal": 1.1, "min-value-decimal": 1.1,
"max-value-decimal": 4.0 "current-value-decimal": 1.5
} }
}, },
"idle-config": { "idle-config": {
"heartbeat-interval": { "heartbeat-interval": {
"current-value": 30, "max-value": 240,
"min-value": 15, "min-value": 15,
"max-value": 240 "current-value": 30
}, },
"missing-hb-allowed": { "missing-hb-allowed": {
"current-value": 5, "max-value": 9,
"min-value": 3, "min-value": 3,
"max-value": 9 "current-value": 5
}, },
"max-retransmit": { "max-retransmit": {
"current-value": 3, "max-value": 15,
"min-value": 2, "min-value": 2,
"max-value": 15 "current-value": 3
}, },
"ack-timeout": { "ack-timeout": {
"current-value": 2, "max-value": 30,
"min-value": 1, "min-value": 1,
"max-value": 30 "current-value": 2
}, },
"ack-random-factor": { "ack-random-factor": {
"current-value-decimal": 1.5, "max-value-decimal": 4.0,
"min-value-decimal": 1.1, "min-value-decimal": 1.1,
"max-value-decimal": 4.0 "current-value-decimal": 1.5
} }
}, },
"trigger-mitigation": { "trigger-mitigation": true,
"current-value": true "config-interval": 3600
}
} }
} }
Figure 19: Example of a Configuration Response Body Figure 19: Example of a Configuration Response Body
4.5.2. Convey DOTS Signal Channel Session Configuration 4.5.2. Convey DOTS Signal Channel Session Configuration
A PUT request is used to convey the configuration parameters for the A PUT request is used to convey the configuration parameters for the
signal channel (e.g., heartbeat interval, maximum retransmissions). signal channel (e.g., heartbeat interval, maximum retransmissions).
Message transmission parameters for CoAP are defined in Section 4.8 Message transmission parameters for CoAP are defined in Section 4.8
skipping to change at page 40, line 26 skipping to change at page 42, line 11
exponential back-off between retransmissions. By choosing the exponential back-off between retransmissions. By choosing the
recommended transmission parameters, the "CoAP Ping" will timeout recommended transmission parameters, the "CoAP Ping" will timeout
after 45 seconds. If the DOTS agent does not receive any response after 45 seconds. If the DOTS agent does not receive any response
from the peer DOTS agent for 'missing-hb-allowed' number of from the peer DOTS agent for 'missing-hb-allowed' number of
consecutive "CoAP Ping" confirmable messages, it concludes that the consecutive "CoAP Ping" confirmable messages, it concludes that the
DOTS signal channel session is disconnected. A DOTS client MUST NOT DOTS signal channel session is disconnected. A DOTS client MUST NOT
transmit a "CoAP Ping" while waiting for the previous "CoAP Ping" transmit a "CoAP Ping" while waiting for the previous "CoAP Ping"
response from the same DOTS server. response from the same DOTS server.
If the DOTS agent wishes to change the default values of message If the DOTS agent wishes to change the default values of message
transmission parameters, then it should follow the guidance given in transmission parameters, it should follow the guidance given in
Section 4.8.1 of [RFC7252]. The DOTS agents MUST use the negotiated Section 4.8.1 of [RFC7252]. The DOTS agents MUST use the negotiated
values for message transmission parameters and default values for values for message transmission parameters and default values for
non-negotiated message transmission parameters. non-negotiated message transmission parameters.
The signal channel session configuration is applicable to a single The signal channel session configuration is applicable to a single
DOTS signal channel session between the DOTS agents. DOTS signal channel session between DOTS agents, so the 'cuid' Uri-
Path MUST NOT be used.
Header: PUT (Code=0.03) Header: PUT (Code=0.03)
Uri-Host: "host" Uri-Host: "host"
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "version" Uri-Path: "v1"
Uri-Path: "config" Uri-Path: "config"
Uri-Path: "session-id=123" Uri-Path: "sid=123"
Content-Format: "application/cbor" Content-Format: "application/cbor"
{ {
"ietf-dots-signal:signal-config": { "ietf-dots-signal-channel:signal-config": {
"mitigating-config": { "mitigating-config": {
"heartbeat-interval": { "heartbeat-interval": {
"current-value": integer "current-value": integer
}, },
"missing-hb-allowed": { "missing-hb-allowed": {
"current-value": integer "current-value": integer
}, },
"max-retransmit": { "max-retransmit": {
"current-value": integer "current-value": integer
}, },
skipping to change at page 41, line 30 skipping to change at page 43, line 16
"max-retransmit": { "max-retransmit": {
"current-value": integer "current-value": integer
}, },
"ack-timeout": { "ack-timeout": {
"current-value": integer "current-value": integer
}, },
"ack-random-factor": { "ack-random-factor": {
"current-value-decimal": number "current-value-decimal": number
} }
}, },
"trigger-mitigation": boolean, "trigger-mitigation": boolean
"config-interval": integer
} }
} }
Figure 20: PUT to Convey the DOTS Signal Channel Session Figure 20: PUT to Convey the DOTS Signal Channel Session
Configuration Data Configuration Data
The parameters in Figure 20 are described below: The additional Uri-Path parameter to those defined in Table 1 is as
follows:
session-id: Identifier for the DOTS signal channel session sid: Session Identifier is an identifier for the DOTS signal channel
configuration data represented as an integer. This identifier session configuration data represented as an integer. This
MUST be generated by the DOTS client. This document does not make identifier MUST be generated by DOTS clients. This document does
any assumption about how this identifier is generated. not make any assumption about how this identifier is generated.
This is a mandatory attribute. This is a mandatory attribute.
mitigation-config: Set of configuration parameters to use when a The meaning of the parameters in the CBOR body is defined in
mitigation is active. The following parameters may be included: Section 4.5.1.
heartbeat-interval: Time interval in seconds between two
consecutive heartbeat messages.
'0' is used to disable the heartbeat mechanism.
This is an optional attribute.
missing-hb-allowed: Maximum number of consecutive heartbeat
messages for which the DOTS agent did not receive a response
before concluding that the session is disconnected.
This is an optional attribute.
max-retransmit: Maximum number of retransmissions for a message
(referred to as MAX_RETRANSMIT parameter in CoAP).
This is an optional attribute.
ack-timeout: Timeout value in seconds used to calculate the
initial retransmission timeout value (referred to as
ACK_TIMEOUT parameter in CoAP).
This is an optional attribute.
ack-random-factor: Random factor used to influence the timing of
retransmissions (referred to as ACK_RANDOM_FACTOR parameter in
CoAP).
This is an optional attribute.
idle-config: Set of configuration parameters to use when no
mitigation is active. This attribute has the same structure as
'mitigating-config'.
trigger-mitigation: If the parameter value is set to 'false', then
DDoS mitigation is triggered only when the DOTS signal channel
session is lost. Automated mitigation on loss of signal is
discussed in Section 3.3.3 of [I-D.ietf-dots-architecture].
If the DOTS client ceases to respond to heartbeat messages, the
DOTS server can detect that the DOTS session is lost.
The default value of the parameter is 'true'.
This is an optional attribute.
config-interval: This parameter is returned to indicate the time
interval expressed in seconds, which a DOTS agent must wait for
before re-contacting its peer in order to retrieve the signal
channel configuration data.
'0' is used to disable this refresh mechanism.
If a non-zero value of 'config-interval' is received by a DOTS
client, it has to issue a PUT request to refresh the configuration
parameters for the signal channel before the expiry of 'config-
interval'. When a DDoS attack is active, refresh requests MUST
NOT be sent by DOTS clients and the DOTS server MUST NOT terminate
the (D)TLS session after the expiry of 'config-interval'.
This mechanism allows to update the configuration data if a change
occurs at the DOTS server side. For example, the new
configuration may instruct a DOTS client to cease heartbeats or
reduce heartbeat frequency.
If this parameter is not returned, this is equivalent to receiving
a 'config-interval' value set to '0'.
If a DOTS server detects that a misbehaving DOTS client does not
contact the DOTS server after the expiry of 'config-interval', in
order to retrieve the signal channel configuration data, it MAY
terminate the (D)TLS session. A (D)TLS session is terminated by
the receipt of an authenticated message that closes the connection
(e.g., a fatal alert (Section 7.2 of [RFC5246])).
This is an optional attribute.
At least one of the attributes 'heartbeat-interval', 'missing-hb- At least one of the attributes 'heartbeat-interval', 'missing-hb-
allowed', 'max-retransmit', 'ack-timeout', 'ack-random-factor', and allowed', 'max-retransmit', 'ack-timeout', 'ack-random-factor', and
'trigger-mitigation' MUST be present in the PUT request. The PUT 'trigger-mitigation' MUST be present in the PUT request.
request with a higher numeric 'session-id' value overrides the DOTS
The PUT request with a higher numeric 'sid' value overrides the DOTS
signal channel session configuration data installed by a PUT request signal channel session configuration data installed by a PUT request
with a lower numeric 'session-id' value. with a lower numeric 'sid' value. To avoid maintaining a long list
of 'sid' requests from a DOTS client, the lower numeric 'sid' MUST be
automatically deleted and no longer available at the DOTS server.
Figure 21 shows a PUT request example to convey the configuration Figure 21 shows a PUT request example to convey the configuration
parameters for the DOTS signal channel. In this example, heartbeat parameters for the DOTS signal channel. In this example, heartbeat
mechanism is disabled when no mitigation is active, while the mechanism is disabled when no mitigation is active, while the
heartbeat interval is set to '91' when a mitigation is active. heartbeat interval is set to '91' when a mitigation is active.
Header: PUT (Code=0.03) Header: PUT (Code=0.03)
Uri-Host: "www.example.com" Uri-Host: "www.example.com"
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "v1" Uri-Path: "v1"
Uri-Path: "config" Uri-Path: "config"
Uri-Path: "session-id=123" Uri-Path: "sid=123"
Content-Format: "application/cbor" Content-Format: "application/cbor"
{ {
"ietf-dots-signal:signal-config": { "ietf-dots-signal-channel:signal-config": {
"mitigating-config": { "mitigating-config": {
"heartbeat-interval": { "heartbeat-interval": {
"current-value": 91 "current-value": 91
}, },
"missing-hb-allowed": { "missing-hb-allowed": {
"current-value": 3 "current-value": 3
}, },
"max-retransmit": { "max-retransmit": {
"current-value": 7 "current-value": 7
}, },
skipping to change at page 45, line 8 skipping to change at page 45, line 8
}, },
"trigger-mitigation": false "trigger-mitigation": false
} }
} }
Figure 21: PUT to Convey the Configuration Parameters Figure 21: PUT to Convey the Configuration Parameters
The DOTS server indicates the result of processing the PUT request The DOTS server indicates the result of processing the PUT request
using CoAP response codes: using CoAP response codes:
o If the DOTS server finds the 'session-id' parameter value conveyed o If the request is missing a mandatory attribute, does not include
in the PUT request in its configuration data and if the DOTS a 'sid' Uri-Path, or contains one or more invalid or unknown
server has accepted the updated configuration parameters, then parameters, 4.00 (Bad Request) MUST be returned in the response.
2.04 (Changed) code is returned in the response.
o If the DOTS server does not find the 'session-id' parameter value o If the DOTS server does not find the 'sid' parameter value
conveyed in the PUT request in its configuration data and if the conveyed in the PUT request in its configuration data and if the
DOTS server has accepted the configuration parameters, then a DOTS server has accepted the configuration parameters, then a
response code 2.01 (Created) is returned in the response. response code 2.01 (Created) is returned in the response.
o If the request is missing one or more mandatory attributes or it o If the DOTS server finds the 'sid' parameter value conveyed in the
contains one or more invalid or unknown parameters, 4.00 (Bad PUT request in its configuration data and if the DOTS server has
Request) is returned in the response. accepted the updated configuration parameters, 2.04 (Changed) MUST
be returned in the response.
o Response code 4.22 (Unprocessable Entity) is returned in the o If any of the 'heartbeat-interval', 'missing-hb-allowed', 'max-
response, if any of the 'heartbeat-interval', 'missing-hb- retransmit', 'target-protocol', 'ack-timeout', and 'ack-random-
allowed', 'max-retransmit', 'target-protocol', 'ack-timeout', and factor' attribute values are not acceptable to the DOTS server,
'ack-random-factor' attribute values are not acceptable to the 4.22 (Unprocessable Entity) MUST be returned in the response.
DOTS server. Upon receipt of the 4.22 error response code, the Upon receipt of this error code, the DOTS client SHOULD request
DOTS client should request the maximum and minimum attribute the maximum and minimum attribute values acceptable to the DOTS
values acceptable to the DOTS server (Section 4.5.1). server (Section 4.5.1).
The DOTS client may re-try and send the PUT request with updated The DOTS client may re-try and send the PUT request with updated
attribute values acceptable to the DOTS server. attribute values acceptable to the DOTS server.
4.5.3. Delete DOTS Signal Channel Session Configuration 4.5.3. Delete DOTS Signal Channel Session Configuration
A DELETE request is used to delete the installed DOTS signal channel A DELETE request is used to delete the installed DOTS signal channel
session configuration data (Figure 22). session configuration data (Figure 22).
Header: DELETE (Code=0.04) Header: DELETE (Code=0.04)
Uri-Host: "host" Uri-Host: "host"
Uri-Path: ".well-known" Uri-Path: ".well-known"
Uri-Path: "dots" Uri-Path: "dots"
Uri-Path: "version" Uri-Path: "v1"
Uri-Path: "config" Uri-Path: "config"
Uri-Query: "session-id=123" Uri-Query: "sid=123"
Figure 22: DELETE Configuration Figure 22: DELETE Configuration
The DOTS server resets the DOTS signal channel session configuration The DOTS server resets the DOTS signal channel session configuration
back to the default values and acknowledges a DOTS client's request back to the default values and acknowledges a DOTS client's request
to remove the DOTS signal channel session configuration using 2.02 to remove the DOTS signal channel session configuration using 2.02
(Deleted) response code. (Deleted) response code.
Upon bootsrapping or reboot, a DOTS client MAY send a DELETE request
to set the configuration parameters to default values. Such a
request does not include any 'sid'.
4.6. Redirected Signaling 4.6. Redirected Signaling
Redirected DOTS signaling is discussed in detail in Section 3.2.2 of Redirected DOTS signaling is discussed in detail in Section 3.2.2 of
[I-D.ietf-dots-architecture]. [I-D.ietf-dots-architecture].
If a DOTS server wants to redirect a DOTS client to an alternative If a DOTS server wants to redirect a DOTS client to an alternative
DOTS server for a signal session, then the response code 3.00 DOTS server for a signal session, then the response code 3.00
(alternate server) will be returned in the response to the DOTS (alternate server) will be returned in the response to the DOTS
client. client.
The DOTS server can return the error response code 3.00 in response The DOTS server can return the error response code 3.00 in response
to a PUT request from the DOTS client or convey the error response to a PUT request from the DOTS client or convey the error response
code 3.00 in a unidirectional notification response from the DOTS code 3.00 in a unidirectional notification response from the DOTS
server. server.
The DOTS server in the error response conveys the alternate DOTS The DOTS server in the error response conveys the alternate DOTS
server's FQDN, and the alternate DOTS server's IP address(es) and server's FQDN, and the alternate DOTS server's IP address(es) and
time to live values in the CBOR body (Figure 23). time to live values in the CBOR body (Figure 23).
{ {
"ietf-dots-signal:redirected-signal": { "ietf-dots-signal-channel:redirected-signal": {
"alt-server": "string", "alt-server": "string",
"alt-server-record": [ "alt-server-record": [
{ {
"addr": "string", "addr": "string",
"ttl" : integer "ttl" : integer
} }
] ]
} }
} }
skipping to change at page 47, line 6 skipping to change at page 47, line 6
addr: IP address of an alternate DOTS server. addr: IP address of an alternate DOTS server.
ttl: Time to live (TTL) represented as an integer number of seconds. ttl: Time to live (TTL) represented as an integer number of seconds.
Figure 24 shows a 3.00 response example to convey the DOTS alternate Figure 24 shows a 3.00 response example to convey the DOTS alternate
server 'alt-server.example', its IP addresses 2001:db8:6401::1 and server 'alt-server.example', its IP addresses 2001:db8:6401::1 and
2001:db8:6401::2, and TTL values 3600 and 1800. 2001:db8:6401::2, and TTL values 3600 and 1800.
{ {
"ietf-dots-signal:redirected-signal": { "ietf-dots-signal-channel:redirected-signal": {
"alt-server": "alt-server.example", "alt-server": "alt-server.example",
"alt-server-record": [ "alt-server-record": [
{ {
"ttl" : 3600, "ttl" : 3600,
"addr": "2001:db8:6401::1" "addr": "2001:db8:6401::1"
}, },
{ {
"ttl" : 1800, "ttl" : 1800,
"addr": "2001:db8:6401::2" "addr": "2001:db8:6401::2"
} }
skipping to change at page 49, line 10 skipping to change at page 49, line 10
DOTS agents using the Ping and Pong messages specified in Section 4.4 DOTS agents using the Ping and Pong messages specified in Section 4.4
of [I-D.ietf-core-coap-tcp-tls]. That is, the DOTS agent sends a of [I-D.ietf-core-coap-tcp-tls]. That is, the DOTS agent sends a
Ping message and the peer DOTS agent would respond by sending a Ping message and the peer DOTS agent would respond by sending a
single Pong message. single Pong message.
5. DOTS Signal Channel YANG Module 5. DOTS Signal Channel YANG Module
This document defines a YANG [RFC7950] module for mitigation scope This document defines a YANG [RFC7950] module for mitigation scope
and DOTS signal channel session configuration data. and DOTS signal channel session configuration data.
This YANG module defines the DOTS client interaction with the DOTS
server as seen by the DOTS client. A DOTS server is allowed to
update the non-configurable 'ro' entities in the responses. This
YANG module is not intended to be used for DOTS servers management
purposes. Such module is out of the scope of this document.
5.1. Tree Structure 5.1. Tree Structure
This document defines the YANG module "ietf-dots-signal" This document defines the YANG module "ietf-dots-signal-channel"
(Section 5.2), which has the following tree structure. A DOTS signal (Section 5.2), which has the following tree structure. A DOTS signal
message can either be a mitigation or a configuration message. message can either be a mitigation or a configuration message.
module: ietf-dots-signal module: ietf-dots-signal-channel
+--rw dots-signal +--rw dots-signal
+--rw (message-type)? +--rw (message-type)?
+--:(mitigation-scope) +--:(mitigation-scope)
| +--rw client-domain-hash? string | +--rw cdid? string
| +--rw scope* [cuid mitigation-id] | +--rw scope* [cuid mid]
| +--rw cuid string | +--rw cuid string
| +--rw mitigation-id int32 | +--rw mid uint32
| +--rw target-prefix* inet:ip-prefix | +--rw target-prefix* inet:ip-prefix
| +--rw target-port-range* [lower-port upper-port] | +--rw target-port-range* [lower-port upper-port]
| | +--rw lower-port inet:port-number | | +--rw lower-port inet:port-number
| | +--rw upper-port inet:port-number | | +--rw upper-port inet:port-number
| +--rw target-protocol* uint8 | +--rw target-protocol* uint8
| +--rw target-fqdn* inet:domain-name | +--rw target-fqdn* inet:domain-name
| +--rw target-uri* inet:uri | +--rw target-uri* inet:uri
| +--rw alias-name* string | +--rw alias-name* string
| +--rw lifetime? int32 | +--rw lifetime? int32
| +--rw mitigation-start? int64 | +--ro mitigation-start? uint64
| +--ro status? enumeration | +--ro status? enumeration
| +--ro conflict-information | +--ro conflict-information
| | +--ro conflict-status? enumeration | | +--ro conflict-status? enumeration
| | +--ro conflict-cause? enumeration | | +--ro conflict-cause? enumeration
| | +--ro retry-timer? int32 | | +--ro retry-timer? uint32
| | +--ro conflict-scope | | +--ro conflict-scope
| | +--ro target-prefix* inet:ip-prefix | | +--ro target-prefix* inet:ip-prefix
| | +--ro target-port-range* [lower-port upper-port] | | +--ro target-port-range* [lower-port upper-port]
| | | +--ro lower-port inet:port-number | | | +--ro lower-port inet:port-number
| | | +--ro upper-port inet:port-number | | | +--ro upper-port inet:port-number
| | +--ro target-protocol* uint8 | | +--ro target-protocol* uint8
| | +--ro target-fqdn* inet:domain-name | | +--ro target-fqdn* inet:domain-name
| | +--ro target-uri* inet:uri | | +--ro target-uri* inet:uri
| | +--ro alias-name* string | | +--ro alias-name* string
| | +--ro acl-list* [acl-name acl-type] | | +--ro acl-list* [acl-name]
| | +--ro acl-name -> /ietf-acl:access-lists/acl/acl-name | | +--ro acl-name
| | +--ro acl-type -> /ietf-acl:access-lists/acl/acl-type | | | -> /ietf-acl:access-lists/acl/name
| +--ro pkts-dropped? yang:zero-based-counter64 | | +--ro acl-type?
| +--ro bps-dropped? yang:zero-based-counter64 | | -> /ietf-acl:access-lists/acl/type
| +--ro bytes-dropped? yang:zero-based-counter64 | +--ro bytes-dropped? yang:zero-based-counter64
| +--ro pps-dropped? yang:zero-based-counter64 | +--ro bps-dropped? yang:zero-based-counter64
| +--rw attack-status? enumeration | +--ro pkts-dropped? yang:zero-based-counter64
+--:(signal-config) | +--ro pps-dropped? yang:zero-based-counter64
| +--rw session-id int32 | +--rw attack-status? enumeration
| +--rw mitigating-config +--:(signal-config)
| | +--rw heartbeat-interval | +--rw sid uint32
| | | +--rw max-value? int16 | +--rw mitigating-config
| | | +--rw min-value? int16 | | +--rw heartbeat-interval
| | | +--rw current-value? int16 | | | +--ro max-value? uint16
| | +--rw missing-hb-allowed | | | +--ro min-value? uint16
| | | +--rw max-value? int16 | | | +--rw current-value? uint16
| | | +--rw min-value? int16 | | +--rw missing-hb-allowed
| | | +--rw current-value? int16 | | | +--ro max-value? uint16
| | +--rw max-retransmit | | | +--ro min-value? uint16
| | | +--rw max-value? int16 | | | +--rw current-value? uint16
| | | +--rw min-value? int16 | | +--rw max-retransmit
| | | +--rw current-value? int16 | | | +--ro max-value? uint16
| | +--rw ack-timeout | | | +--ro min-value? uint16
| | | +--rw max-value? int16 | | | +--rw current-value? uint16
| | | +--rw min-value? int16 | | +--rw ack-timeout
| | | +--rw current-value? int16 | | | +--ro max-value? uint16
| | +--rw ack-random-factor | | | +--ro min-value? uint16
| | +--rw max-value-decimal? decimal64 | | | +--rw current-value? uint16
| | +--rw min-value-decimal? decimal64 | | +--rw ack-random-factor
| | +--rw current-value-decimal? decimal64 | | +--ro max-value-decimal? decimal64
| +--rw idle-config | | +--ro min-value-decimal? decimal64
| | +--rw heartbeat-interval | | +--rw current-value-decimal? decimal64
| | | +--rw max-value? int16 | +--rw idle-config
| | | +--rw min-value? int16 | | +--rw heartbeat-interval
| | | +--rw current-value? int16 | | | +--ro max-value? uint16
| | +--rw missing-hb-allowed | | | +--ro min-value? uint16
| | | +--rw max-value? int16 | | | +--rw current-value? uint16
| | | +--rw min-value? int16 | | +--rw missing-hb-allowed
| | | +--rw current-value? int16 | | | +--ro max-value? uint16
| | +--rw max-retransmit | | | +--ro min-value? uint16
| | | +--rw max-value? int16 | | | +--rw current-value? uint16
| | | +--rw min-value? int16 | | +--rw max-retransmit
| | | +--rw current-value? int16 | | | +--ro max-value? uint16
| | +--rw ack-timeout | | | +--ro min-value? uint16
| | | +--rw max-value? int16 | | | +--rw current-value? uint16
| | | +--rw min-value? int16 | | +--rw ack-timeout
| | | +--rw current-value? int16 | | | +--ro max-value? uint16
| | +--rw ack-random-factor | | | +--ro min-value? uint16
| | +--rw max-value-decimal? decimal64 | | | +--rw current-value? uint16
| | +--rw min-value-decimal? decimal64 | | +--rw ack-random-factor
| | +--rw current-value-decimal? decimal64 | | +--ro max-value-decimal? decimal64
| +--rw trigger-mitigation? boolean | | +--ro min-value-decimal? decimal64
| +--rw config-interval? int32 | | +--rw current-value-decimal? decimal64
+--:(redirected-signal) | +--rw trigger-mitigation? boolean
+--rw alt-server string | +--ro config-interval? uint32
+--rw alt-server-record* [addr] +--:(redirected-signal)
+--rw addr inet:ip-address +--ro alt-server string
+--rw ttl? int32 +--ro alt-server-record* [addr]
+--ro addr inet:ip-address
+--ro ttl? uint32
5.2. YANG Module 5.2. YANG Module
<CODE BEGINS> file "ietf-dots-signal@2018-01-09.yang" <CODE BEGINS> file "ietf-dots-signal-channel@2018-01-23.yang"
module ietf-dots-signal {
yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-dots-signal";
prefix "signal";
import ietf-inet-types {prefix "inet";}
import ietf-yang-types {prefix yang;}
import ietf-access-control-list {prefix "ietf-acl";}
organization "IETF DDoS Open Threat Signaling (DOTS) Working Group";
contact
"WG Web: <https://datatracker.ietf.org/wg/dots/>
WG List: <mailto:dots@ietf.org>
Editor: Konda, Tirumaleswar Reddy module ietf-dots-signal-channel {
<mailto:TirumaleswarReddy_Konda@McAfee.com> yang-version 1.1;
namespace "urn:ietf:params:xml:ns:yang:ietf-dots-signal-channel";
prefix signal;
Editor: Mohamed Boucadair import ietf-inet-types {
<mailto:mohamed.boucadair@orange.com> prefix inet;
}
import ietf-yang-types {
prefix yang;
}
import ietf-access-control-list {
prefix ietf-acl;
}
Author: Prashanth Patil organization
<mailto:praspati@cisco.com> "IETF DDoS Open Threat Signaling (DOTS) Working Group";
contact
"WG Web: <https://datatracker.ietf.org/wg/dots/>
WG List: <mailto:dots@ietf.org>
Author: Andrew Mortensen Editor: Konda, Tirumaleswar Reddy
<mailto:amortensen@arbor.net> <mailto:TirumaleswarReddy_Konda@McAfee.com>
Author: Nik Teague Editor: Mohamed Boucadair
<mailto:nteague@verisign.com>"; <mailto:mohamed.boucadair@orange.com>
description Author: Prashanth Patil
"This module contains YANG definition for the signaling <mailto:praspati@cisco.com>
messages exchanged between a DOTS client and a DOTS server.
Copyright (c) 2017 IETF Trust and the persons identified as Author: Andrew Mortensen
authors of the code. All rights reserved. <mailto:amortensen@arbor.net>
Redistribution and use in source and binary forms, with or Author: Nik Teague
without modification, is permitted pursuant to, and subject <mailto:nteague@verisign.com>";
to the license terms contained in, the Simplified BSD License description
set forth in Section 4.c of the IETF Trust's Legal Provisions "This module contains YANG definition for the signaling
Relating to IETF Documents messages exchanged between a DOTS client and a DOTS server.
(http://trustee.ietf.org/license-info).
This version of this YANG module is part of RFC XXXX; see Copyright (c) 2018 IETF Trust and the persons identified as
the RFC itself for full legal notices."; authors of the code. All rights reserved.
revision 2018-01-09 { Redistribution and use in source and binary forms, with or
description without modification, is permitted pursuant to, and subject
"Initial revision."; to the license terms contained in, the Simplified BSD License
reference set forth in Section 4.c of the IETF Trust's Legal Provisions
"RFC XXXX: Distributed Denial-of-Service Open Threat Relating to IETF Documents
Signaling (DOTS) Signal Channel"; (http://trustee.ietf.org/license-info).
}
grouping target { This version of this YANG module is part of RFC XXXX; see
description the RFC itself for full legal notices.";
"Specifies the targets of the mitigation request.";
leaf-list target-prefix { revision 2018-01-23 {
type inet:ip-prefix;
description description
"IPv4 or IPv6 prefix identifying the target."; "Initial revision.";
reference
"RFC XXXX: Distributed Denial-of-Service Open Threat
Signaling (DOTS) Signal Channel";
} }
list target-port-range { /*
key "lower-port upper-port"; * Groupings
*/
grouping target {
description description
"Port range. When only lower-port is "Specifies the targets of the mitigation request.";
present, it represents a single port."; leaf-list target-prefix {
type inet:ip-prefix;
leaf lower-port {
type inet:port-number;
mandatory true;
description description
"Lower port number of the port range."; "IPv4 or IPv6 prefix identifying the target.";
} }
list target-port-range {
leaf upper-port { key "lower-port upper-port";
type inet:port-number;
must ". >= ../lower-port" {
error-message
"The upper port number must be greater than
or equal to lower port number.";
}
description description
"Upper port number of the port range."; "Port range. When only lower-port is
present, it represents a single port number.";
leaf lower-port {
type inet:port-number;
mandatory true;
description
"Lower port number of the port range.";
}
leaf upper-port {
type inet:port-number;
must ". >= ../lower-port" {
error-message
"The upper port number must be greater than
or equal to lower port number.";
}
description
"Upper port number of the port range.";
}
} }
} leaf-list target-protocol {
type uint8;
leaf-list target-protocol { description
type uint8; "Identifies the target protocol number.
description
"Identifies the target protocol number.
The value '0' means 'all protocols'.
Values are taken from the IANA protocol registry:
https://www.iana.org/assignments/protocol-numbers/
protocol-numbers.xhtml
For example, 6 for TCP or 17 for UDP.";
}
leaf-list target-fqdn {
type inet:domain-name;
description "FQDN identifying the target.";
}
leaf-list target-uri {
type inet:uri;
description "URI identifying the target.";
}
leaf-list alias-name {
type string;
description
"An alias name that points to a resoucre.";
}
}
grouping mitigation-scope {
description
"Specifies the scope of the mitigation request.";
leaf client-domain-hash {
type string;
description
"The client domain hash may be conveyed by
the server-domain DOTS gateway to propagate the
client domain identification information from the
gateway's client-side to the gateway's server-side,
and from the gateway's server-side to the DOTS
server.
It may be used by the final DOTS server The value '0' means 'all protocols'.
for policy enforcement purposes.";
}
list scope { Values are taken from the IANA protocol registry:
key "cuid mitigation-id"; https://www.iana.org/assignments/protocol-numbers/
description protocol-numbers.xhtml
"The scope of the request.";
leaf cuid { For example, 6 for TCP or 17 for UDP.";
type string;
description
"A unique identifier that is randomly
generated by a DOTS client to prevent
request collisions.";
} }
leaf-list target-fqdn {
leaf mitigation-id { type inet:domain-name;
type int32;
description description
"Mitigation request identifier. "FQDN identifying the target.";
This identifier must be unique for each mitigation
request bound to the DOTS client.";
} }
leaf-list target-uri {
uses target; type inet:uri;
leaf lifetime {
type int32;
units "seconds";
default 3600;
description description
"Indicates the lifetime of the mitigation request."; "URI identifying the target.";
reference
"RFC XXXX: Distributed Denial-of-Service Open Threat
Signaling (DOTS) Signal Channel";
} }
}
leaf mitigation-start { grouping mitigation-scope {
type int64; description
units "seconds"; "Specifies the scope of the mitigation request.";
leaf cdid {
type string;
description description
"Mitigation start time is represented in seconds "The cdid should be included by a server-domain
relative to 1970-01-01T00:00Z in UTC time."; DOTS gateway to propagate the client domain
identification information from the
gateway's client-facing-side to the gateway's
server-facing-side, and from the gateway's
server-facing-side to the DOTS server.
It may be used by the final DOTS server
for policy enforcement purposes.";
} }
list scope {
key "cuid mid";
description
"The scope of the request.";
leaf cuid {
type string;
description
"A unique identifier that is randomly
generated by a DOTS client to prevent
request collisions. It is expected that the
cuid will remain consistent throughout the
lifetime of the DOTS client.";
}
leaf mid {
type uint32;
description
"Mitigation request identifier.
leaf status { This identifier must be unique for each mitigation
type enumeration { request bound to the DOTS client.";
enum "attack-mitigation-in-progress" { }
value 1; uses target;
description leaf-list alias-name {
"Attack mitigation is in progress (e.g., changing type string;
the network path to re-route the inbound traffic description
to DOTS mitigator)."; "An alias name that points to a resource.";
} }
leaf lifetime {
enum "attack-successfully-mitigated" { type int32;
value 2; units "seconds";
description default "3600";
"Attack is successfully mitigated (e.g., traffic description
is redirected to a DDoS mitigator and attack "Indicates the lifetime of the mitigation request.
traffic is dropped or blackholed).";
}
enum "attack-stopped" {
value 3;
description
"Attack has stopped and the DOTS client can
withdraw the mitigation request.";
}
enum "attack-exceeded-capability" {
value 4;
description
"Attack has exceeded the mitigation provider
capability.";
}
enum "dots-client-withdrawn-mitigation" { A lifetime of '0' in a mitigation request is an
value 5; invalid value.
description
"DOTS client has withdrawn the mitigation
request and the mitigation is active but
terminating.";
}
enum "attack-mitigation-terminated" { A lifetime of negative one (-1) indicates indefinite
value 6; lifetime for the mitigation request.";
description
"Attack mitigation is now terminated.";
}
enum "attack-mitigation-withdrawn" {
value 7;
description
"Attack mitigation is withdrawn.";
}
enum "attack-mitigation-rejected" {
value 8;
description
"Attack mitigation is rejected.";
}
} }
config false; leaf mitigation-start {
description type uint64;
"Indicates the status of a mitigation request. config false;
It must be included in responses only."; description
"Mitigation start time is represented in seconds
relative to 1970-01-01T00:00:00Z in UTC time.";
}
leaf status {
type enumeration {
enum "attack-mitigation-in-progress" {
value 1;
description
"Attack mitigation is in progress (e.g., changing
the network path to re-route the inbound traffic
to DOTS mitigator).";
}
enum "attack-successfully-mitigated" {
value 2;
description
"Attack is successfully mitigated (e.g., traffic
is redirected to a DDoS mitigator and attack
traffic is dropped or blackholed).";
}
enum "attack-stopped" {
value 3;
description
"Attack has stopped and the DOTS client can
withdraw the mitigation request.";
}
enum "attack-exceeded-capability" {
value 4;
description
"Attack has exceeded the mitigation provider
capability.";
}
enum "dots-client-withdrawn-mitigation" {
value 5;
description
"DOTS client has withdrawn the mitigation
request and the mitigation is active but
terminating.";
}
enum "attack-mitigation-terminated" {
value 6;
description
"Attack mitigation is now terminated.";
}
enum "attack-mitigation-withdrawn" {
value 7;
description
"Attack mitigation is withdrawn.";
}
enum "attack-mitigation-rejected" {
value 8;
description
"Attack mitigation is rejected.";
}
}
config false;
description
"Indicates the status of a mitigation request.
It must be included in responses only.";
} }
container conflict-information { container conflict-information {
config false; config false;
description description
"Indicates that a conflict is detected. "Indicates that a conflict is detected.
Must only be used for responses."; Must only be used for responses.";
leaf conflict-status { leaf conflict-status {
type enumeration { type enumeration {
enum "request-inactive-other-active" { enum "request-inactive-other-active" {
value 1; value 1;
description description
"DOTS Server has detected conflicting mitigation "DOTS Server has detected conflicting mitigation
requests from different DOTS clients. requests from different DOTS clients.
This mitigation request is currently inactive This mitigation request is currently inactive
until the conflicts are resolved. Another until the conflicts are resolved. Another
mitigation request is active."; mitigation request is active.";
} }
enum "request-active" { enum "request-active" {
value 2; value 2;
description description
"DOTS Server has detected conflicting mitigation "DOTS Server has detected conflicting mitigation
requests from different DOTS clients. requests from different DOTS clients.
This mitigation request is currently active."; This mitigation request is currently active.";
} }
enum "all-requests-inactive" { enum "all-requests-inactive" {
value 3; value 3;
description description
"DOTS Server has detected conflicting mitigation "DOTS Server has detected conflicting mitigation
requests from different DOTS clients. All requests from different DOTS clients. All
conflicting mitigation requests are inactive."; conflicting mitigation requests are inactive.";
} }
} }
description description
"Indicates the conflict status. "Indicates the conflict status.";
It must be included in responses only.";
} }
leaf conflict-cause { leaf conflict-cause {
type enumeration { type enumeration {
enum "overlapping-targets" { enum "overlapping-targets" {
value 1; value 1;
description description
"Overlapping targets. conflict-scope provides "Overlapping targets. conflict-scope provides
more details about the exact conflict."; more details about the exact conflict.";
} }
enum "conflict-with-whitelist" {
enum "conflict-with-whitelist" { value 2;
value 2; description
description "Conflicts with an existing white list.
"Conflicts with an existing white list.
This code is returned when the DDoS mitigation
detects that some of the source addresses/prefixes
listed in the white list ACLs are actually
attacking the target.";
}
enum "cuid-collision" { This code is returned when the DDoS mitigation
value 3; detects that some of the source addresses/prefixes
description listed in the white list ACLs are actually
"Conflicts with the CUID used by another attacking the target.";
DOTS client of the same domain."; }
} enum "cuid-collision" {
value 3;
description
"Conflicts with the cuid used by another
DOTS client.";
}
} }
description description
"Indicates the cause of the conflict. "Indicates the cause of the conflict.";
It must be included in responses only.";
} }
leaf retry-timer { leaf retry-timer {
type int32; type uint32;
units "seconds"; units "seconds";
description description
"The DOTS client must not re-send the "The DOTS client must not re-send the
same request before the expiry of this timer. same request that has a conflict before the expiry of
It must be included in responses, only."; this timer.";
} }
container conflict-scope { container conflict-scope {
description description
"Provides more information about the conflict scope."; "Provides more information about the conflict scope.";
uses target { uses target {
when "../conflict-cause = 'overlapping-targets'"; when "../conflict-cause = 'overlapping-targets'";
} }
leaf-list alias-name {
when "../../conflict-cause = 'overlapping-targets'";
type string;
description
"Conflicting alias-name.";
}
list acl-list { list acl-list {
when "../../conflict-cause = 'conflict-with-whitelist'"; when "../../conflict-cause = 'conflict-with-whitelist'";
key "acl-name acl-type"; key "acl-name";
description description
"List of conflicting ACLs"; "List of conflicting ACLs as defined in the DOTS data
channel. These ACLs are uniquely defined by
cuid and acl-name.";
leaf acl-name { leaf acl-name {
type leafref { type leafref {
path "/ietf-acl:access-lists/ietf-acl:acl" + path "/ietf-acl:access-lists/ietf-acl:acl/" +
"/ietf-acl:acl-name"; "ietf-acl:name";
} }
description description
"Reference to the conflicting ACL name bound to "Reference to the conflicting ACL name bound to
a DOTS client."; a DOTS client.";
} }
leaf acl-type { leaf acl-type {
type leafref { type leafref {
path "/ietf-acl:access-lists/ietf-acl:acl" + path "/ietf-acl:access-lists/ietf-acl:acl/" +
"/ietf-acl:acl-type"; "ietf-acl:type";
} }
description description
"Reference to the conflicting ACL type bound to "Reference to the conflicting ACL type bound to
a DOTS client."; a DOTS client.";
} }
} }
} }
} }
leaf bytes-dropped {
leaf pkts-dropped {
type yang:zero-based-counter64; type yang:zero-based-counter64;
units "bytes";
config false; config false;
description description
"Number of dropped packets."; "The total dropped byte count for the mitigation
request since the attack mitigation is triggered.
The count wraps around when it reaches the maximum value
of counter64 for dropped bytes.";
} }
leaf bps-dropped { leaf bps-dropped {
type yang:zero-based-counter64; type yang:zero-based-counter64;
config false; config false;
description description
"The average number of dropped bytes per second for "The average number of dropped bits per second for
the mitigation request since the attack the mitigation request since the attack
mitigation is triggered."; mitigation is triggered. This should be a
} five-minute average.";
leaf bytes-dropped { }
leaf pkts-dropped {
type yang:zero-based-counter64; type yang:zero-based-counter64;
units 'bytes';
config false; config false;
description description
"Counter for dropped packets; in bytes."; "The total number of dropped packet count for the
mitigation request since the attack mitigation is
triggered. The count wraps around when it reaches
the maximum value of counter64 for dropped packets.";
} }
leaf pps-dropped { leaf pps-dropped {
type yang:zero-based-counter64; type yang:zero-based-counter64;
config false; config false;
description description
"The average number of dropped packets per second "The average number of dropped packets per second
for the mitigation request since the attack for the mitigation request since the attack
mitigation is triggered."; mitigation is triggered. This should be a
} five-minute average.";
leaf attack-status {
type enumeration {
enum "under-attack" {
value 1;
description
"The DOTS client determines that it is still under
attack.";
}
enum "attack-successfully-mitigated" {
value 2;
description
"The DOTS client determines that the attack is
successfully mitigated.";
}
} }
description leaf attack-status {
"Indicates the status of an attack as seen by the type enumeration {
DOTS client."; enum "under-attack" {
value 1;
description
"The DOTS client determines that it is still under
attack.";
}
enum "attack-successfully-mitigated" {
value 2;
description
"The DOTS client determines that the attack is
successfully mitigated.";
}
}
description
"Indicates the status of an attack as seen by the
DOTS client.";
} }
}
} }
}
grouping config-parameters {
description
"Subset of DOTS signal channel session configuration.";
container heartbeat-interval { grouping config-parameters {
description description
"DOTS agents regularly send heartbeats to each other "Subset of DOTS signal channel session configuration.";
after mutual authentication is successfully container heartbeat-interval {
completed in order to keep the DOTS signal channel
open.";
leaf max-value {
type int16;
units "seconds";
description description
"Maximum acceptable heartbeat-interval value."; "DOTS agents regularly send heartbeats to each other
reference after mutual authentication is successfully
"RFC XXXX: Distributed Denial-of-Service Open Threat completed in order to keep the DOTS signal channel
Signaling (DOTS) Signal Channel"; open.";
} leaf max-value {
type uint16;
units "seconds";
config false;
description
"Maximum acceptable heartbeat-interval value.";
}
leaf min-value {
type uint16;
units "seconds";
config false;
description
"Minimum acceptable heartbeat-interval value.";
}
leaf current-value {
type uint16;
units "seconds";
default "30";
description
"Current heartbeat-interval value.
leaf min-value { '0' means that heartbeat mechanism is deactivated.";
type int16; }
units "seconds";
description
"Minimum acceptable heartbeat-interval value.";
reference
"RFC XXXX: Distributed Denial-of-Service Open Threat
Signaling (DOTS) Signal Channel";
} }
leaf current-value { container missing-hb-allowed {
type int16;
units "seconds";
default 30;
description description
"Current heartbeat-interval value. "Maximum number of missing heartbeats allowed.";
leaf max-value {
'0' means that heartbeat mechanism is deactivated."; type uint16;
reference config false;
"RFC XXXX: Distributed Denial-of-Service Open Threat description
Signaling (DOTS) Signal Channel"; "Maximum acceptable missing-hb-allowed value.";
}
leaf min-value {
type uint16;
config false;
description
"Minimum acceptable missing-hb-allowed value.";
}
leaf current-value {
type uint16;
default "5";
description
"Current missing-hb-allowed value.";
}
} }
} container max-retransmit {
container missing-hb-allowed {
description
"Maximum number of missing heartbeats allowed.";
leaf max-value {
type int16;
description description
"Maximum acceptable value."; "Maximum number of retransmissions of a Confirmable
reference message.";
"RFC XXXX: Distributed Denial-of-Service Open Threat leaf max-value {
Signaling (DOTS) Signal Channel"; type uint16;
config false;
description
"Maximum acceptable max-retransmit value.";
}
leaf min-value {
type uint16;
config false;
description
"Minimum acceptable max-retransmit value.";
}
leaf current-value {
type uint16;
default "3";
description
"Current max-retransmit value.";
}
} }
container ack-timeout {
leaf min-value {
type int16;
description description
"Minimum acceptable value."; "Initial retransmission timeout value.";
reference leaf max-value {
"RFC XXXX: Distributed Denial-of-Service Open Threat type uint16;
Signaling (DOTS) Signal Channel"; units "seconds";
config false;
description
"Maximum ack-timeout value.";
}
leaf min-value {
type uint16;
units "seconds";
config false;
description
"Minimum ack-timeout value.";
}
leaf current-value {
type uint16;
units "seconds";
default "2";
description
"Current ack-timeout value.";
}
} }
leaf current-value { container ack-random-factor {
type int16;
default 5;
description description
"Current value."; "Random factor used to influence the timing of
reference retransmissions.";
"RFC XXXX: Distributed Denial-of-Service Open Threat leaf max-value-decimal {
Signaling (DOTS) Signal Channel"; type decimal64 {
fraction-digits 2;
}
config false;
description
"Maximum acceptable ack-random-factor value.";
}
leaf min-value-decimal {
type decimal64 {
fraction-digits 2;
}
config false;
description
"Minimum acceptable ack-random-factor value.";
}
leaf current-value-decimal {
type decimal64 {
fraction-digits 2;
}
default "1.5";
description
"Current ack-random-factor value.";
}
} }
} }
container max-retransmit { grouping signal-config {
description description
"Maximum number of retransmissions of a Confirmable "DOTS signal channel session configuration.";
message."; leaf sid {
type uint32;
leaf max-value { mandatory true;
type int16;
description
"Maximum acceptable value.";
reference
"Section 4.8 of RFC 7552.";
}
leaf min-value {
type int16;
description description
"Minimum acceptable value."; "An identifier for the DOTS signal channel
reference session configuration data.";
"Section 4.8 of RFC 7552.";
} }
leaf current-value { container mitigating-config {
type int16;
default 3;
description description
"Current value."; "Configuration parameters to use when a mitigation
reference is active.";
"RFC XXXX: Distributed Denial-of-Service Open Threat uses config-parameters;
Signaling (DOTS) Signal Channel";
} }
} container idle-config {
container ack-timeout {
description
"Initial retransmission timeout value.";
leaf max-value {
type int16;
units "seconds";
description description
"Maximum value."; "Configuration parameters to use when no mitigation
reference is active.";
"Section 4.8 of RFC 7552."; uses config-parameters;
} }
leaf trigger-mitigation {
leaf min-value { type boolean;
type int16; default "true";
units "seconds";
description description
"Minimum value."; "If false, then mitigation is triggered
reference only when the DOTS server channel session is lost.";
"Section 4.8 of RFC 7552.";
} }
leaf current-value { leaf config-interval {
type int16; type uint32;
units "seconds"; units "seconds";
default 2; default "3600";
config false;
description description
"Current value."; "This parameter is returned by a DOTS server to
reference a requesting DOTS client to indicate the time interval
"Section 4.8 of RFC 7552."; after which the DOTS client must contact the DOTS
} server in order to retrieve the signal channel
} configuration data.
container ack-random-factor { This mechanism allows the update of the configuration
description data if a change occurs.
"Random factor used to influence the timing of
retransmissions.";
leaf max-value-decimal { For example, the new configuration may instruct
type decimal64 { a DOTS client to cease heartbeats or reduce
fraction-digits 2; heartbeat frequency.
}
description
"Maximum acceptable value.";
reference
"Section 4.8 of RFC 7552.";
}
leaf min-value-decimal { '0' is used to disable this refresh mechanism.";
type decimal64 {
fraction-digits 2;
}
description
"Minimum acceptable value.";
reference
"Section 4.8 of RFC 7552.";
}
leaf current-value-decimal {
type decimal64 {
fraction-digits 2;
}
default 1.5;
description
"Current value.";
reference
"Section 4.8 of RFC 7552.";
} }
} }
}
grouping signal-config {
description
"DOTS signal channel session configuration.";
leaf session-id {
type int32;
mandatory true;
description
"An identifier for the DOTS signal channel
session configuration data.";
}
container mitigating-config {
description
"Configuration parameters to use when a mitigation is active.";
uses config-parameters;
}
container idle-config {
description
"Configuration parameters to use when no mitigation is
active.";
uses config-parameters;
}
leaf trigger-mitigation {
type boolean;
default true;
description
"If false, then mitigation is triggered
only when the DOTS server channel session is lost";
reference
"RFC XXXX: Distributed Denial-of-Service Open Threat
Signaling (DOTS) Signal Channel";
}
leaf config-interval {
type int32;
units "seconds";
description
"This parameter is returned by a DOTS server to
a requesting DOTS client to indicate the time interval
after which the DOTS client must contact the DOTS
server in order to retrieve the signal channel
configuration data.
This mechanism allows the update of the configuration
data if a change occurs.
For example, the new configuration may instruct
a DOTS client to cease heartbeats or reduce
heartbeat frequency.
'0' is used to disable this refresh mechanism.";
}
}
grouping redirected-signal {
description
"Grouping for the redirected signaling.";
leaf alt-server {
type string;
mandatory true;
description
"Alias of an alternate server.";
}
list alt-server-record { grouping redirected-signal {
key "addr";
description description
"List of records for the alternate server."; "Grouping for the redirected signaling.";
leaf alt-server {
leaf addr { type string;
type inet:ip-address; config false;
mandatory true;
description description
"IPv4 or IPv6 address identifying the server."; "FQDN of an alternate server.";
} }
list alt-server-record {
leaf ttl { key "addr";
type int32; config false;
description description
"TTL associated with this record."; "List of records for the alternate server.";
leaf addr {
type inet:ip-address;
description
"An IPv4 or IPv6 address identifying the server.";
}
leaf ttl {
type uint32;
description
"TTL associated with this record.";
}
} }
} }
}
container dots-signal { /*
description * Main Container for DOTS Signal Channel
"Main container for DOTS signal message. */
A DOTS signal message can be a mitigation message or
a configuration message.";
choice message-type { container dots-signal {
description description
"Can be a mitigation, a configuration, or a redirect "Main container for DOTS signal message.
message.";
case mitigation-scope {
description
"Mitigation scope of a mitigation message.";
uses mitigation-scope;
}
case signal-config {
description
"Configuration message.";
uses signal-config;
}
case redirected-signal { A DOTS signal message can be a mitigation, a configuration,
or a redirected signal message.";
choice message-type {
description description
"Redirected signaling."; "Can be a mitigation, a configuration, or a redirect
uses redirected-signal; message.";
case mitigation-scope {
description
"Mitigation scope of a mitigation message.";
uses mitigation-scope;
}
case signal-config {
description
"Configuration message.";
uses signal-config;
}
case redirected-signal {
description
"Redirected signaling.";
uses redirected-signal;
}
} }
} }
} }
} <CODE ENDS>
<CODE ENDS>
6. Mapping Parameters to CBOR 6. Mapping Parameters to CBOR
All parameters in the payload of the DOTS signal channel MUST be All parameters in the payload of the DOTS signal channel MUST be
mapped to CBOR types as shown in Table 4 and are assigned an integer mapped to CBOR types as shown in Table 4 and are assigned an integer
key to save space. The recipient of the payload MAY reject the key to save space. The recipient of the payload MAY reject the
information if it is not suitably mapped. information if it is not suitably mapped.
+-----------------------+---------+--------------------+------------+ +----------------------+-------------+-----+---------------+--------+
| Parameter Name | CBOR | CBOR Major Type | JSON Type | | Parameter Name | YANG | CBOR| CBOR Major | JSON |
| | Key | | | | | Type | Key | Type & | Type |
+-----------------------+---------+--------------------+------------+ | | | | Information | |
| mitigation-scope | 1 | 5 (map) | Object | +----------------------+-------------+-----+---------------+--------+
| scope | 2 | 4 (array) | Array | | ietf-dots-signal-cha | | | | |
| mitigation-id | 3 | 0 (unsigned) | Number | | nnel:mitigation-scope| container | 1 | 5 map | Object |
| acl-list | 4 | 4 (array) | Array | | cdid | string | 2 | 3 text string | String |
| target-port-range | 5 | 4 (array) | Array | | scope | list | 3 | 4 array | Array |
| lower-port | 6 | 0 (unsigned) | Number | | cuid | string | 4 | 3 text string | String |
| upper-port | 7 | 0 (unsigned) | Number | | mid | uint32 | 5 | 0 unsigned | Number |
| target-protocol | 8 | 4 (array) | Array | | target-prefix | leaf-list | 6 | 4 array | Array |
| | | 0 (unsigned) | Number | | | inet: | | | |
| target-fqdn | 9 | 4 (array) | Array | | | ip-prefix | | 3 text string | String |
| | | 3 (text string) | String | | target-port-range | list | 7 | 4 array | Array |
| target-uri | 10 | 4 (array) | Array | | lower-port | inet: | | | |
| | | 3 (text string) | String | | | port-number| 8 | 0 unsigned | Number |
| alias-name | 11 | 4 (array) | Array | | upper-port | inet: | | | |
| | | 3 (text string) | String | | | port-number| 9 | 0 unsigned | Number |
| lifetime | 12 | 0 (unsigned) | Number | | target-protocol | leaf-list | 10 | 4 array | Array |
| attack-status | 13 | 0 (unsigned) | Number | | | uint8 | | 0 unsigned | Number |
| signal-config | 14 | 5 (map) | Object | | target-fqdn | leaf-list | 11 | 4 array | Array |
| heartbeat-interval | 15 | 5 (map) | Object | | | inet: | | | |
| max-retransmit | 16 | 5 (map) | Object | | | domain-name| | 3 text string | String |
| ack-timeout | 17 | 5 (map) | Object | | target-uri | leaf-list | 12 | 4 array | Array |
| ack-random-factor | 18 | 5 (map) | Object | | | inet:uri | | 3 text string | String |
| min-value | 19 | 0 (unsigned) | Number | | alias-name | leaf-list | 13 | 4 array | Array |
| max-value | 20 | 0 (unsigned) | Number | | | string | | 3 text string | String |
| status | 21 | 0 (unsigned) | Number | | lifetime | int32 | 14 | 0 unsigned | Number |
| conflict-information | 22 | 5 (map) | Object | | | | | 1 negative | Number |
| conflict-status | 23 | 0 (unsigned) | Number | | mitigation-start | uint64 | 15 | 0 unsigned | String |
| conflict-cause | 24 | 0 (unsigned) | Number | | status | enumeration | 16 | 0 unsigned | String |
| retry-timer | 25 | 0 (unsigned) | Number | | conflict-information | container | 17 | 5 map | Object |
| bytes-dropped | 26 | 0 (unsigned) | String | | conflict-status | enumeration | 18 | 0 unsigned | String |
| bps-dropped | 27 | 0 (unsigned) | String | | conflict-cause | enumeration | 19 | 0 unsigned | String |
| pkts-dropped | 28 | 0 (unsigned) | String | | retry-timer | uint32 | 20 | 0 unsigned | Number |
| pps-dropped | 29 | 0 (unsigned) | String | | conflict-scope | container | 21 | 5 map | Object |
| session-id | 30 | 0 (unsigned) | Number | | acl-list | list | 22 | 4 array | Array |
| trigger-mitigation | 31 | 7 (simple type) | true/false | | acl-name | leafref | 23 | 3 text string | String |
| missing-hb-allowed | 32 | 5 (map) | Object | | acl-type | leafref | 24 | 3 text string | String |
| current-value | 33 | 0 (unsigned) | Number | | bytes-dropped | yang:zero- | | | |
| mitigation-start | 34 | 7 (floating-point) | Number | | | based- | | | |
| target-prefix | 35 | 4 (array) | Array | | | counter64 | 25 | 0 unsigned | String |
| | | 3 (text string) | String | | bps-dropped | yang:zero- | | | |
| client-domain-hash | 36 | 3 (text string) | String | | | based- | | | |
| alt-server | 37 | 3 (text string) | String | | | counter64 | 26 | 0 unsigned | String |
| alt-server-record | 38 | 4 (array) | Array | | pkts-dropped | yang:zero- | | | |
| addr | 39 | 3 (text string) | String | | | based- | | | |
| ttl | 40 | 0 (unsigned) | Number | | | counter64 | 27 | 0 unsigned | String |
| conflict-scope | 41 | 5 (map) | Object | | pps-dropped | yang:zero- | | | |
| acl-name | 42 | 3 (text string) | String | | | based- | | | |
| acl-type | 43 | 3 (text string) | String | | | counter64 | 28 | 0 unsigned | String |
| config-interval | 44 | 0 (unsigned) | Number | | attack-status | enumeration | 29 | 0 unsigned | String |
| mitigating-config | 45 | 5 (map) | Object | | ietf-dots-signal- | | | | |
| idle-config | 46 | 5 (map) | Object | | channel:signal-config| container | 30 | 5 map | Object |
| cuid | 47 | 3 (text string) | String | | sid | uint32 | 31 | 0 unsigned | Number |
| min-value-decimal | 48 | 7 (floating-point) | Number | | mitigating-config | container | 32 | 5 map | Object |
| max-value-decimal | 49 | 7 (floating-point) | Number | | heartbeat-interval | container | 33 | 5 map | Object |
| current-value-decimal | 50 | 7 (floating-point) | Number | | max-value | uint16 | 34 | 0 unsigned | Number |
+-----------------------+---------+--------------------+------------+ | min-value | uint16 | 35 | 0 unsigned | Number |
| current-value | uint16 | 36 | 0 unsigned | Number |
| missing-hb-allowed | container | 37 | 5 map | Object |
| max-retransmit | container | 38 | 5 map | Object |
| ack-timeout | container | 39 | 5 map | Object |
| ack-random-factor | container | 40 | 5 map | Object |
| max-value-decimal | decimal64 | 41 | 6 tag 4 | |
| | | | [-2, integer]| String |
| min-value-decimal | decimal64 | 42 | 6 tag 4 | |
| | | | [-2, integer]| String |
| current-value-decimal| decimal64 | 43 | 6 tag 4 | |
| | | | [-2, integer]| String |
| idle-config | container | 44 | 5 map | Object |
| trigger-mitigation | boolean | 45 | 7 bits 20 | False |
| | | | 7 bits 21 | True |
| config-interval | uint32 | 46 | 0 unsigned | Number |
| ietf-dots-signal-cha | | | | |
|nnel:redirected-signal| container | 47 | 5 map | Object |
| alt-server | string | 48 | 3 text string | String |
| alt-server-record | list | 49 | 4 array | Array |
| addr | inet: | | | |
| | ip-address | 50 | 3 text string | String |
| ttl | uint32 | 51 | 0 unsigned | Number |
+----------------------+-------------+-----+---------------+--------+
Table 4: CBOR Mappings Used in DOTS Signal Channel Messages Table 4: CBOR Mappings Used in DOTS Signal Channel Messages
7. (D)TLS Protocol Profile and Performance Considerations 7. (D)TLS Protocol Profile and Performance Considerations
7.1. (D)TLS Protocol Profile 7.1. (D)TLS Protocol Profile
This section defines the (D)TLS protocol profile of DOTS signal This section defines the (D)TLS protocol profile of DOTS signal
channel over (D)TLS and DOTS data channel over TLS. channel over (D)TLS and DOTS data channel over TLS.
There are known attacks on (D)TLS, such as man-in-the-middle and There are known attacks on (D)TLS, such as man-in-the-middle and
protocol downgrade attacks. These are general attacks on (D)TLS and, protocol downgrade attacks. These are general attacks on (D)TLS and,
skipping to change at page 70, line 30 skipping to change at page 69, line 43
[DOTS signal message] <-------> [DOTS signal message] [DOTS signal message] <-------> [DOTS signal message]
Figure 25: TLS 1.3 handshake with 0-RTT Figure 25: TLS 1.3 handshake with 0-RTT
7.3. MTU and Fragmentation 7.3. MTU and Fragmentation
To avoid DOTS signal message fragmentation and the subsequent To avoid DOTS signal message fragmentation and the subsequent
decreased probability of message delivery, DOTS agents MUST ensure decreased probability of message delivery, DOTS agents MUST ensure
that the DTLS record MUST fit within a single datagram. If the path that the DTLS record MUST fit within a single datagram. If the path
MTU is not known to the DOTS server, an IP MTU of 1280 bytes SHOULD MTU is not known to the DOTS server, an IP MTU of 1280 bytes SHOULD
be assumed. The length of the URL MUST NOT exceed 256 bytes. If UDP be assumed. If UDP is used to convey the DOTS signal messages then
is used to convey the DOTS signal messages then the DOTS client must the DOTS client must consider the amount of record expansion expected
consider the amount of record expansion expected by the DTLS by the DTLS processing when calculating the size of CoAP message that
processing when calculating the size of CoAP message that fits within fits within the path MTU. Path MTU MUST be greater than or equal to
the path MTU. Path MTU MUST be greater than or equal to [CoAP [CoAP message size + DTLS overhead of 13 octets + authentication
message size + DTLS overhead of 13 octets + authentication overhead overhead of the negotiated DTLS cipher suite + block padding
of the negotiated DTLS cipher suite + block padding (Section 4.1.1.1 (Section 4.1.1.1 of [RFC6347]). If the request size exceeds the path
of [RFC6347]). If the request size exceeds the path MTU then the MTU then the DOTS client MUST split the DOTS signal into separate
DOTS client MUST split the DOTS signal into separate messages, for messages, for example the list of addresses in the 'target-prefix'
example the list of addresses in the 'target-prefix' parameter could parameter could be split into multiple lists and each list conveyed
be split into multiple lists and each list conveyed in a new PUT in a new PUT request.
request.
Implementation Note: DOTS choice of message size parameters works Implementation Note: DOTS choice of message size parameters works
well with IPv6 and with most of today's IPv4 paths. However, with well with IPv6 and with most of today's IPv4 paths. However, with
IPv4, it is harder to reliably ensure that there is no IP IPv4, it is harder to reliably ensure that there is no IP
fragmentation. If IPv4 path MTU is unknown, implementations may want fragmentation. If IPv4 path MTU is unknown, implementations may want
to limit themselves to more conservative IPv4 datagram sizes such as to limit themselves to more conservative IPv4 datagram sizes such as
576 bytes, as per [RFC0791]. IP packets whose size does not exceed 576 bytes, as per [RFC0791]. IP packets whose size does not exceed
576 bytes should never need to be fragmented: therefore, sending a 576 bytes should never need to be fragmented: therefore, sending a
maximum of 500 bytes of DOTS signal over a UDP datagram will maximum of 500 bytes of DOTS signal over a UDP datagram will
generally avoid IP fragmentation. generally avoid IP fragmentation.
skipping to change at page 72, line 23 skipping to change at page 72, line 7
Also, DOTS gateways and servers located in different domains MUST Also, DOTS gateways and servers located in different domains MUST
perform mutual authentication (e.g., using certificates). A DOTS perform mutual authentication (e.g., using certificates). A DOTS
server will only allow a DOTS gateway with a certificate for a server will only allow a DOTS gateway with a certificate for a
particular domain to request mitigation for that domain. In particular domain to request mitigation for that domain. In
reference to Figure 26, the DOTS server only allows the DOTS gateway reference to Figure 26, the DOTS server only allows the DOTS gateway
to request mitigation for 'example.com' domain and not for other to request mitigation for 'example.com' domain and not for other
domains. domains.
9. IANA Considerations 9. IANA Considerations
This specification registers a service port (Section 9.1), an URI This specification registers a service port (Section 9.1), a URI
suffix in the Well-Known URIs registry (Section 9.2), a CoAP response suffix in the Well-Known URIs registry (Section 9.2), a CoAP response
code (Section 9.3), a YANG module (Section 9.5). It also creates a code (Section 9.3), a YANG module (Section 9.5). It also creates a
registry for mappings to CBOR (Section 9.4). registry for mappings to CBOR (Section 9.4).
9.1. DOTS Signal Channel UDP and TCP Port Number 9.1. DOTS Signal Channel UDP and TCP Port Number
IANA is requested to assign the port number TBD to the DOTS signal IANA is requested to assign the port number TBD to the DOTS signal
channel protocol for both UDP and TCP from the "Service Name and channel protocol for both UDP and TCP from the "Service Name and
Transport Protocol Port Number Registry" available at Transport Protocol Port Number Registry" available at
https://www.iana.org/assignments/service-names-port-numbers/service- https://www.iana.org/assignments/service-names-port-numbers/service-
names-port-numbers.xhtml. names-port-numbers.xhtml.
The assignment of port number 4646 is strongly suggested, as 4646 is The assignment of port number 4646 is strongly suggested, as 4646 is
the ASCII decimal value for ".." (DOTS). the ASCII decimal value for ".." (DOTS).
9.2. Well-Known 'dots' URI 9.2. Well-Known 'dots' URI
This document requests IANA to register the 'dots' well-known URI in This document requests IANA to register the 'dots' well-known URI in
the Well-Known URIs registry (https://www.iana.org/assignments/well- the Well-Known URIs registry (https://www.iana.org/assignments/well-
known-uris/well-known-uris.xhtml) as defined by [RFC5785]. known-uris/well-known-uris.xhtml) as defined by [RFC5785]:
URI suffix: dots
Change controller: IETF
Specification document(s): This RFC +----------+----------------+---------------------+-----------------+
| URI | Change | Specification | Related |
| suffix | controller | document(s) | information |
+----------+----------------+---------------------+-----------------+
| dots | IETF | [RFCXXXX] | None |
+----------+----------------+---------------------+-----------------+
Related information: None Table 5: 'dots' well-known URI
9.3. CoAP Response Code 9.3. CoAP Response Code
IANA is requested to add the following entry to the "CoAP Response IANA is requested to add the following entry to the "CoAP Response
Codes" sub-registry available at https://www.iana.org/assignments/ Codes" sub-registry available at https://www.iana.org/assignments/
core-parameters/core-parameters.xhtml#response-codes: core-parameters/core-parameters.xhtml#response-codes:
+------+------------------+-----------+ +------+------------------+-----------+
| Code | Description | Reference | | Code | Description | Reference |
+------+------------------+-----------+ +------+------------------+-----------+
| 3.00 | Alternate Server | [RFCXXXX] | | 3.00 | Alternate Server | [RFCXXXX] |
+------+------------------+-----------+ +------+------------------+-----------+
Table 5: CoAP Response Code Table 6: CoAP Response Code
9.4. DOTS Signal Channel CBOR Mappings Registry 9.4. DOTS Signal Channel CBOR Mappings Registry
The document requests IANA to create a new registry, entitled "DOTS The document requests IANA to create a new registry, entitled "DOTS
Signal Channel CBOR Mappings Registry". The structure of this Signal Channel CBOR Mappings Registry". The structure of this
registry is provided in Section 9.4.1. registry is provided in Section 9.4.1.
The registry is initially populated with the values in Section 9.4.2. The registry is initially populated with the values in Section 9.4.2.
Values from that registry MUST be assigned via Expert Review Values from that registry MUST be assigned via Expert Review
skipping to change at page 74, line 5 skipping to change at page 73, line 40
For Standards Track RFCs, list the "IESG". For others, give the For Standards Track RFCs, list the "IESG". For others, give the
name of the responsible party. Other details (e.g., postal name of the responsible party. Other details (e.g., postal
address, email address, home page URI) may also be included. address, email address, home page URI) may also be included.
Specification Document(s): Specification Document(s):
Reference to the document or documents that specify the parameter, Reference to the document or documents that specify the parameter,
preferably including URIs that can be used to retrieve copies of preferably including URIs that can be used to retrieve copies of
the documents. An indication of the relevant sections may also be the documents. An indication of the relevant sections may also be
included but is not required. included but is not required.
9.4.2. Initial Registry Contents 9.4.2. Initial Registry Content
o Parameter Name: mitigation-scope
o CBOR Key Value: 1
o CBOR Major Type: 5
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: scope
o CBOR Key Value: 2
o CBOR Major Type: 4
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: mitigation-id
o CBOR Key Value: 3
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: acl-list
o CBOR Key Value: 4
o CBOR Major Type: 4
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: target-port-range
o CBOR Key Value: 5
o CBOR Major Type: 4
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: lower-port
o CBOR Key Value: 6
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: upper-port
o CBOR Key Value: 7
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: target-protocol
o CBOR Key Value: 8
o CBOR Major Type: 4
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: target-fqdn
o CBOR Key Value: 9
o CBOR Major Type: 4
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: target-uri
o CBOR Key Value: 10
o CBOR Major Type: 4
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: alias-name
o CBOR Key Value: 11
o CBOR Major Type: 4
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: lifetime
o CBOR Key Value: 12
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: attack-status
o CBOR Key Value: 13
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: signal-config
o CBOR Key Value: 14
o CBOR Major Type: 5
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: heartbeat-interval
o CBOR Key Value: 15
o CBOR Major Type: 5
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: max-retransmit
o CBOR Key Value: 16
o CBOR Major Type: 5
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: ack-timeout
o CBOR Key Value: 17
o CBOR Major Type: 5
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: ack-random-factor
o CBOR Key Value: 18
o CBOR Major Type: 5
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: min-value
o CBOR Key Value: 19
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: max-value
o CBOR Key Value: 20
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: status
o CBOR Key Value: 21
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: conflict-information
o CBOR Key Value: 22
o CBOR Major Type: 5
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: conflict-status
o CBOR Key Value: 23
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: conflict-cause
o CBOR Key Value: 24
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: retry-timer
o CBOR Key Value: 25
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: bytes-dropped
o CBOR Key Value: 26
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: bps-dropped
o CBOR Key Value: 27
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: pkts-dropped
o CBOR Key Value: 28
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: pps-dropped
o CBOR Key Value: 29
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: session-id
o CBOR Key Value: 30
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: trigger-mitigation
o CBOR Key Value: 31
o CBOR Major Type: 7
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: missing-hb-allowed
o CBOR Key Value: 32
o CBOR Major Type: 5
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: current-value
o CBOR Key Value: 33
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: mitigation-start
o CBOR Key Value: 34
o CBOR Major Type: 7
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: target-prefix
o CBOR Key Value: 35
o CBOR Major Type: 4
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: client-domain-hash
o CBOR Key Value: 36
o CBOR Major Type: 3
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: alt-server
o CBOR Key Value: 37
o CBOR Major Type: 3
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: alt-server-record
o CBOR Key Value: 38
o CBOR Major Type: 4
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: addr
o CBOR Key Value: 39
o CBOR Major Type: 3
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: ttl
o CBOR Key Value: 40
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: conflict-scope
o CBOR Key Value: 41
o CBOR Major Type: 5
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: acl-name
o CBOR Key Value: 42
o CBOR Major Type: 3
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: acl-type
o CBOR Key Value: 43
o CBOR Major Type: 3
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: config-interval
o CBOR Key Value: 44
o CBOR Major Type: 0
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: mitigating-config
o CBOR Key Value: 45
o CBOR Major Type: 5
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: idle-config
o CBOR Key Value: 46
o CBOR Major Type: 5
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: cuid
o CBOR Key Value: 47
o CBOR Major Type: 3
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: min-value-decimal
o CBOR Key Value: 48
o CBOR Major Type: 7
o Change Controller: IESG
o Specification Document(s): this document
o Parameter Name: max-value-decimal +----------------------+-------+-------+------------+---------------+
o CBOR Key Value: 49 | Parameter Name | CBOR | CBOR | Change | Specification |
o CBOR Major Type: 7 | | Key | Major | Controller | Document(s) |
o Change Controller: IESG | | Value | Type | | |
o Specification Document(s): this document +----------------------+-------+-------+------------+---------------+
| ietf-dots-signal-chan| 1 | 5 | IESG | [RFCXXXX] |
| nel:mitigation-scope | | | | |
| cdid | 2 | 3 | IESG | [RFCXXXX] |
| scope | 3 | 4 | IESG | [RFCXXXX] |
| cuid | 4 | 3 | IESG | [RFCXXXX] |
| mid | 5 | 0 | IESG | [RFCXXXX] |
| target-prefix | 6 | 4 | IESG | [RFCXXXX] |
| target-port-range | 7 | 4 | IESG | [RFCXXXX] |
| lower-port | 8 | 0 | IESG | [RFCXXXX] |
| upper-port | 9 | 0 | IESG | [RFCXXXX] |
| target-protocol | 10 | 4 | IESG | [RFCXXXX] |
| target-fqdn | 11 | 4 | IESG | [RFCXXXX] |
| target-uri | 12 | 4 | IESG | [RFCXXXX] |
| alias-name | 13 | 4 | IESG | [RFCXXXX] |
| lifetime | 14 | 0/1 | IESG | [RFCXXXX] |
| mitigation-start | 15 | 0 | IESG | [RFCXXXX] |
| status | 16 | 0 | IESG | [RFCXXXX] |
| conflict-information | 17 | 5 | IESG | [RFCXXXX] |
| conflict-status | 18 | 0 | IESG | [RFCXXXX] |
| conflict-cause | 19 | 0 | IESG | [RFCXXXX] |
| retry-timer | 20 | 0 | IESG | [RFCXXXX] |
| conflict-scope | 21 | 5 | IESG | [RFCXXXX] |
| acl-list | 22 | 4 | IESG | [RFCXXXX] |
| acl-name | 23 | 3 | IESG | [RFCXXXX] |
| acl-type | 24 | 3 | IESG | [RFCXXXX] |
| bytes-dropped | 25 | 0 | IESG | [RFCXXXX] |
| bps-dropped | 26 | 0 | IESG | [RFCXXXX] |
| pkts-dropped | 27 | 0 | IESG | [RFCXXXX] |
| pps-dropped | 28 | 0 | IESG | [RFCXXXX] |
| attack-status | 29 | 0 | IESG | [RFCXXXX] |
| ietf-dots-signal- | 30 | 5 | IESG | [RFCXXXX] |
| channel:signal-config| | | | |
| sid | 31 | 0 | IESG | [RFCXXXX] |
| mitigating-config | 32 | 5 | IESG | [RFCXXXX] |
| heartbeat-interval | 33 | 5 | IESG | [RFCXXXX] |
| min-value | 34 | 0 | IESG | [RFCXXXX] |
| max-value | 35 | 0 | IESG | [RFCXXXX] |
| current-value | 36 | 0 | IESG | [RFCXXXX] |
| missing-hb-allowed | 37 | 5 | IESG | [RFCXXXX] |
| max-retransmit | 38 | 5 | IESG | [RFCXXXX] |
| ack-timeout | 39 | 5 | IESG | [RFCXXXX] |
| ack-random-factor | 40 | 5 | IESG | [RFCXXXX] |
| min-value-decimal | 41 | 6tag4 | IESG | [RFCXXXX] |
| max-value-decimal | 42 | 6tag4 | IESG | [RFCXXXX] |
| current-value- | 43 | 6tag4 | IESG | [RFCXXXX] |
| decimal | | | | |
| idle-config | 44 | 5 | IESG | [RFCXXXX] |
| trigger-mitigation | 45 | 7 | IESG | [RFCXXXX] |
| config-interval | 46 | 0 | IESG | [RFCXXXX] |
| ietf-dots-signal-chan| 47 | 5 | IESG | [RFCXXXX] |
| nel:redirected-signal| | | | |
| alt-server | 48 | 3 | IESG | [RFCXXXX] |
| alt-server-record | 49 | 4 | IESG | [RFCXXXX] |
| addr | 50 | 3 | IESG | [RFCXXXX] |
| ttl | 51 | 0 | IESG | [RFCXXXX] |
+----------------------+-------+-------+------------+---------------+
o Parameter Name: current-value-decimal Table 7: Initial DOTS Signal Channel CBOR Mappings Registry
o CBOR Key Value: 50
o CBOR Major Type: 7
o Change Controller: IESG
o Specification Document(s): this document
9.5. DOTS Signal Channel YANG Module 9.5. DOTS Signal Channel YANG Module
This document requests IANA to register the following URI in the This document requests IANA to register the following URI in the
"IETF XML Registry" [RFC3688]: "IETF XML Registry" [RFC3688]:
URI: urn:ietf:params:xml:ns:yang:ietf-dots-signal URI: urn:ietf:params:xml:ns:yang:ietf-dots-signal-channel
Registrant Contact: The IESG. Registrant Contact: The IESG.
XML: N/A; the requested URI is an XML namespace. XML: N/A; the requested URI is an XML namespace.
This document requests IANA to register the following YANG module in This document requests IANA to register the following YANG module in
the "YANG Module Names" registry [RFC7950]. the "YANG Module Names" registry [RFC7950].
name: ietf-signal name: ietf-signal
namespace: urn:ietf:params:xml:ns:yang:ietf-dots-signal namespace: urn:ietf:params:xml:ns:yang:ietf-dots-signal-channel
prefix: signal prefix: signal
reference: RFC XXXX reference: RFC XXXX
10. Implementation Status 10. Implementation Status
[Note to RFC Editor: Please remove this section and reference to [Note to RFC Editor: Please remove this section and reference to
[RFC7942] prior to publication.] [RFC7942] prior to publication.]
This section records the status of known implementations of the This section records the status of known implementations of the
protocol defined by this specification at the time of posting this protocol defined by this specification at the time of posting this
Internet-Draft, and is based upon a proposal described in [RFC7942]. Internet-Draft, and is based upon a proposal described in [RFC7942].
The description of implementations in this section is intended to The description of implementations in this section is intended to
skipping to change at page 82, line 10 skipping to change at page 77, line 10
If TCP is used between DOTS agents, an attacker may be able to inject If TCP is used between DOTS agents, an attacker may be able to inject
RST packets, bogus application segments, etc., regardless of whether RST packets, bogus application segments, etc., regardless of whether
TLS authentication is used. Because the application data is TLS TLS authentication is used. Because the application data is TLS
protected, this will not result in the application receiving bogus protected, this will not result in the application receiving bogus
data, but it will constitute a DoS on the connection. This attack data, but it will constitute a DoS on the connection. This attack
can be countered by using TCP-AO [RFC5925]. If TCP-AO is used, then can be countered by using TCP-AO [RFC5925]. If TCP-AO is used, then
any bogus packets injected by an attacker will be rejected by the any bogus packets injected by an attacker will be rejected by the
TCP-AO integrity check and therefore will never reach the TLS layer. TCP-AO integrity check and therefore will never reach the TLS layer.
Rate-limiting DOTS requests, including those with new 'cuid' values,
from the same DOTS client defends against DoS attacks that would
result in varying the 'cuid' to exhaust DOTS server resources. Rate-
limit policies SHOULD be enforced on DOTS gateways (if deployed) and
DOTS servers.
In order to prevent leaking internal information outside a client- In order to prevent leaking internal information outside a client-
domain, DOTS gateways located in the client-domain SHOULD NOT reveal domain, DOTS gateways located in the client-domain SHOULD NOT reveal
the identification information that pertains to internal DOTS clients the identification information that pertains to internal DOTS clients
(e.g., source IP address, client's hostname) unless explicitly (e.g., source IP address, client's hostname) unless explicitly
configured to do so. configured to do so.
Special care should be taken in order to ensure that the activation Special care should be taken in order to ensure that the activation
of the proposed mechanism will not impact the stability of the of the proposed mechanism will not impact the stability of the
network (including connectivity and services delivered over that network (including connectivity and services delivered over that
network). network).
12. Contributors 12. Contributors
The following individuals have contributed to this document: The following individuals have contributed to this document:
Mike Geller Cisco Systems, Inc. 3250 Florida 33309 USA Email: o Mike Geller, Cisco Systems, Inc. 3250 Florida 33309 USA, Email:
mgeller@cisco.com mgeller@cisco.com
Robert Moskowitz HTT Consulting Oak Park, MI 42837 United States o Robert Moskowitz, HTT Consulting Oak Park, MI 42837 United States,
Email: rgm@htt-consult.com Email: rgm@htt-consult.com
Dan Wing Email: dwing-ietf@fuggles.com o Dan Wing, Email: dwing-ietf@fuggles.com
o Jon Shallow, NCC Group, Email: jon.shallow@nccgroup.trust
13. Acknowledgements 13. Acknowledgements
Thanks to Christian Jacquenet, Roland Dobbins, Roman D. Danyliw, Thanks to Christian Jacquenet, Roland Dobbins, Roman D. Danyliw,
Michael Richardson, Ehud Doron, Kaname Nishizuka, Dave Dolson, Liang Michael Richardson, Ehud Doron, Kaname Nishizuka, Dave Dolson, Liang
Xia, Gilbert Clark, and Nesredien Suleiman for the discussion and Xia, Gilbert Clark, and Nesredien Suleiman for the discussion and
comments. comments.
Special thanks to Jon Shallow for the careful reviews and inputs that Special thanks to Jon Shallow for the careful reviews and inputs that
enhanced this specification. enhanced this specification.
skipping to change at page 86, line 13 skipping to change at page 81, line 18
December 2017. December 2017.
[I-D.ietf-tls-dtls13] [I-D.ietf-tls-dtls13]
Rescorla, E., Tschofenig, H., and N. Modadugu, "The Rescorla, E., Tschofenig, H., and N. Modadugu, "The
Datagram Transport Layer Security (DTLS) Protocol Version Datagram Transport Layer Security (DTLS) Protocol Version
1.3", draft-ietf-tls-dtls13-22 (work in progress), 1.3", draft-ietf-tls-dtls13-22 (work in progress),
November 2017. November 2017.
[I-D.ietf-tls-tls13] [I-D.ietf-tls-tls13]
Rescorla, E., "The Transport Layer Security (TLS) Protocol Rescorla, E., "The Transport Layer Security (TLS) Protocol
Version 1.3", draft-ietf-tls-tls13-22 (work in progress), Version 1.3", draft-ietf-tls-tls13-23 (work in progress),
November 2017. January 2018.
[proto_numbers] [proto_numbers]
"IANA, "Protocol Numbers"", 2011, "IANA, "Protocol Numbers"", 2011,
<http://www.iana.org/assignments/protocol-numbers>. <http://www.iana.org/assignments/protocol-numbers>.
[RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791, [RFC0791] Postel, J., "Internet Protocol", STD 5, RFC 791,
DOI 10.17487/RFC0791, September 1981, DOI 10.17487/RFC0791, September 1981,
<https://www.rfc-editor.org/info/rfc791>. <https://www.rfc-editor.org/info/rfc791>.
[RFC1983] Malkin, G., Ed., "Internet Users' Glossary", FYI 18,
RFC 1983, DOI 10.17487/RFC1983, August 1996,
<https://www.rfc-editor.org/info/rfc1983>.
[RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network [RFC3022] Srisuresh, P. and K. Egevang, "Traditional IP Network
Address Translator (Traditional NAT)", RFC 3022, Address Translator (Traditional NAT)", RFC 3022,
DOI 10.17487/RFC3022, January 2001, DOI 10.17487/RFC3022, January 2001,
<https://www.rfc-editor.org/info/rfc3022>. <https://www.rfc-editor.org/info/rfc3022>.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, DOI 10.17487/RFC3986, January 2005, RFC 3986, DOI 10.17487/RFC3986, January 2005,
<https://www.rfc-editor.org/info/rfc3986>. <https://www.rfc-editor.org/info/rfc3986>.
[RFC4086] Eastlake 3rd, D., Schiller, J., and S. Crocker,
"Randomness Requirements for Security", BCP 106, RFC 4086,
DOI 10.17487/RFC4086, June 2005,
<https://www.rfc-editor.org/info/rfc4086>.
[RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram [RFC4340] Kohler, E., Handley, M., and S. Floyd, "Datagram
Congestion Control Protocol (DCCP)", RFC 4340, Congestion Control Protocol (DCCP)", RFC 4340,
DOI 10.17487/RFC4340, March 2006, DOI 10.17487/RFC4340, March 2006,
<https://www.rfc-editor.org/info/rfc4340>. <https://www.rfc-editor.org/info/rfc4340>.
[RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing [RFC4632] Fuller, V. and T. Li, "Classless Inter-domain Routing
(CIDR): The Internet Address Assignment and Aggregation (CIDR): The Internet Address Assignment and Aggregation
Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August Plan", BCP 122, RFC 4632, DOI 10.17487/RFC4632, August
2006, <https://www.rfc-editor.org/info/rfc4632>. 2006, <https://www.rfc-editor.org/info/rfc4632>.
[RFC4732] Handley, M., Ed., Rescorla, E., Ed., and IAB, "Internet [RFC4732] Handley, M., Ed., Rescorla, E., Ed., and IAB, "Internet
Denial-of-Service Considerations", RFC 4732, Denial-of-Service Considerations", RFC 4732,
DOI 10.17487/RFC4732, December 2006, DOI 10.17487/RFC4732, December 2006,
<https://www.rfc-editor.org/info/rfc4732>. <https://www.rfc-editor.org/info/rfc4732>.
[RFC4787] Audet, F., Ed. and C. Jennings, "Network Address [RFC4787] Audet, F., Ed. and C. Jennings, "Network Address
Translation (NAT) Behavioral Requirements for Unicast Translation (NAT) Behavioral Requirements for Unicast
UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January UDP", BCP 127, RFC 4787, DOI 10.17487/RFC4787, January
2007, <https://www.rfc-editor.org/info/rfc4787>. 2007, <https://www.rfc-editor.org/info/rfc4787>.
[RFC4941] Narten, T., Draves, R., and S. Krishnan, "Privacy
Extensions for Stateless Address Autoconfiguration in
IPv6", RFC 4941, DOI 10.17487/RFC4941, September 2007,
<https://www.rfc-editor.org/info/rfc4941>.
[RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol", [RFC4960] Stewart, R., Ed., "Stream Control Transmission Protocol",
RFC 4960, DOI 10.17487/RFC4960, September 2007, RFC 4960, DOI 10.17487/RFC4960, September 2007,
<https://www.rfc-editor.org/info/rfc4960>. <https://www.rfc-editor.org/info/rfc4960>.
[RFC4987] Eddy, W., "TCP SYN Flooding Attacks and Common [RFC4987] Eddy, W., "TCP SYN Flooding Attacks and Common
Mitigations", RFC 4987, DOI 10.17487/RFC4987, August 2007, Mitigations", RFC 4987, DOI 10.17487/RFC4987, August 2007,
<https://www.rfc-editor.org/info/rfc4987>. <https://www.rfc-editor.org/info/rfc4987>.
[RFC5077] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig, [RFC5077] Salowey, J., Zhou, H., Eronen, P., and H. Tschofenig,
"Transport Layer Security (TLS) Session Resumption without "Transport Layer Security (TLS) Session Resumption without
skipping to change at page 87, line 42 skipping to change at page 82, line 42
[RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful [RFC6146] Bagnulo, M., Matthews, P., and I. van Beijnum, "Stateful
NAT64: Network Address and Protocol Translation from IPv6 NAT64: Network Address and Protocol Translation from IPv6
Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146, Clients to IPv4 Servers", RFC 6146, DOI 10.17487/RFC6146,
April 2011, <https://www.rfc-editor.org/info/rfc6146>. April 2011, <https://www.rfc-editor.org/info/rfc6146>.
[RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix [RFC6296] Wasserman, M. and F. Baker, "IPv6-to-IPv6 Network Prefix
Translation", RFC 6296, DOI 10.17487/RFC6296, June 2011, Translation", RFC 6296, DOI 10.17487/RFC6296, June 2011,
<https://www.rfc-editor.org/info/rfc6296>. <https://www.rfc-editor.org/info/rfc6296>.
[RFC6555] Wing, D. and A. Yourtchenko, "Happy Eyeballs: Success with
Dual-Stack Hosts", RFC 6555, DOI 10.17487/RFC6555, April
2012, <https://www.rfc-editor.org/info/rfc6555>.
[RFC6724] Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown, [RFC6724] Thaler, D., Ed., Draves, R., Matsumoto, A., and T. Chown,
"Default Address Selection for Internet Protocol Version 6 "Default Address Selection for Internet Protocol Version 6
(IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012, (IPv6)", RFC 6724, DOI 10.17487/RFC6724, September 2012,
<https://www.rfc-editor.org/info/rfc6724>. <https://www.rfc-editor.org/info/rfc6724>.
[RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and [RFC6887] Wing, D., Ed., Cheshire, S., Boucadair, M., Penno, R., and
P. Selkirk, "Port Control Protocol (PCP)", RFC 6887, P. Selkirk, "Port Control Protocol (PCP)", RFC 6887,
DOI 10.17487/RFC6887, April 2013, DOI 10.17487/RFC6887, April 2013,
<https://www.rfc-editor.org/info/rfc6887>. <https://www.rfc-editor.org/info/rfc6887>.
[RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa, [RFC6888] Perreault, S., Ed., Yamagata, I., Miyakawa, S., Nakagawa,
A., and H. Ashida, "Common Requirements for Carrier-Grade A., and H. Ashida, "Common Requirements for Carrier-Grade
NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888, NATs (CGNs)", BCP 127, RFC 6888, DOI 10.17487/RFC6888,
April 2013, <https://www.rfc-editor.org/info/rfc6888>. April 2013, <https://www.rfc-editor.org/info/rfc6888>.
[RFC7030] Pritikin, M., Ed., Yee, P., Ed., and D. Harkins, Ed.,
"Enrollment over Secure Transport", RFC 7030,
DOI 10.17487/RFC7030, October 2013,
<https://www.rfc-editor.org/info/rfc7030>.
[RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object [RFC7049] Bormann, C. and P. Hoffman, "Concise Binary Object
Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049, Representation (CBOR)", RFC 7049, DOI 10.17487/RFC7049,
October 2013, <https://www.rfc-editor.org/info/rfc7049>. October 2013, <https://www.rfc-editor.org/info/rfc7049>.
[RFC7413] Cheng, Y., Chu, J., Radhakrishnan, S., and A. Jain, "TCP [RFC7413] Cheng, Y., Chu, J., Radhakrishnan, S., and A. Jain, "TCP
Fast Open", RFC 7413, DOI 10.17487/RFC7413, December 2014, Fast Open", RFC 7413, DOI 10.17487/RFC7413, December 2014,
<https://www.rfc-editor.org/info/rfc7413>. <https://www.rfc-editor.org/info/rfc7413>.
[RFC7452] Tschofenig, H., Arkko, J., Thaler, D., and D. McPherson, [RFC7452] Tschofenig, H., Arkko, J., Thaler, D., and D. McPherson,
"Architectural Considerations in Smart Object Networking", "Architectural Considerations in Smart Object Networking",
skipping to change at page 89, line 13 skipping to change at page 84, line 5
<https://www.rfc-editor.org/info/rfc7942>. <https://www.rfc-editor.org/info/rfc7942>.
[RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG", [RFC7951] Lhotka, L., "JSON Encoding of Data Modeled with YANG",
RFC 7951, DOI 10.17487/RFC7951, August 2016, RFC 7951, DOI 10.17487/RFC7951, August 2016,
<https://www.rfc-editor.org/info/rfc7951>. <https://www.rfc-editor.org/info/rfc7951>.
[RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage [RFC8085] Eggert, L., Fairhurst, G., and G. Shepherd, "UDP Usage
Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085, Guidelines", BCP 145, RFC 8085, DOI 10.17487/RFC8085,
March 2017, <https://www.rfc-editor.org/info/rfc8085>. March 2017, <https://www.rfc-editor.org/info/rfc8085>.
[RFC8305] Schinazi, D. and T. Pauly, "Happy Eyeballs Version 2:
Better Connectivity Using Concurrency", RFC 8305,
DOI 10.17487/RFC8305, December 2017,
<https://www.rfc-editor.org/info/rfc8305>.
Authors' Addresses Authors' Addresses
Tirumaleswar Reddy (editor) Tirumaleswar Reddy (editor)
McAfee, Inc. McAfee, Inc.
Embassy Golf Link Business Park Embassy Golf Link Business Park
Bangalore, Karnataka 560071 Bangalore, Karnataka 560071
India India
Email: kondtir@gmail.com Email: kondtir@gmail.com
 End of changes. 320 change blocks. 
1531 lines changed or deleted 1306 lines changed or added

This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/